Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    VPN Question

    Scheduled Pinned Locked Moved OpenVPN
    11 Posts 3 Posters 1.2k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • I
      ILIKENETGATE
      last edited by

      Hi,

      New to Netgate and pfSense. Learning more and more everyday. I know VPN's can be pretty complicated so I'm trying to simplify them. Currently I have a subscription to Vyper VPN where I log in with a user name and password on an individual PC to make a VPN connection. Can the user name and password be put into my Netgate somewhere in the VPN section and have my whole LAN be on the VPN? If so where would I start to accomplish this.

      Thanks much!

      1 Reply Last reply Reply Quote 0
      • B
        bcruze
        last edited by

        i found this article: https://forum.goldenfrog.com/t/vyprvpn-on-pfsense-working/4467

        1 Reply Last reply Reply Quote 0
        • I
          ILIKENETGATE
          last edited by

          Thanks for the article. Thinking about this more if I go the VPN route will all the ports I opened to get to devices inside my LAN still work considering the IP to access my network will need to be the variably assigned VPN address?

          1 Reply Last reply Reply Quote 0
          • V
            viragomann
            last edited by

            You will still be able to access your WAN while the VPN is up.
            pfSense handles the VPN as an additional WAN connection, but it is only used for upstream traffic. Response packets to requests coming in the WAN interface are sent back to the WAN gateway (controlled by reply-to), though.
            Ensure that the incoming traffic is not matched by floating rules.

            I 1 Reply Last reply Reply Quote 0
            • I
              ILIKENETGATE @viragomann
              last edited by

              @viragomann OK that's good to know. Thanks! Since I'm new would you mind explaining the floating rules and where they are at in pf Sense and the implications if they are matched?

              1 Reply Last reply Reply Quote 0
              • V
                viragomann
                last edited by

                That traffic must not be matched by floating rules.

                Firewall > rules
                Here you see tabs for each logical interface. At the left side is the floating tab. Floating rules can be assigned to multiple interfaces or on outbound traffic (seen from pfSense, outgoing an interface) as well. Rules on the interface tab are only applied on inbound traffic.
                So you have to put your rules on the WAN tab.

                I 1 Reply Last reply Reply Quote 0
                • I
                  ILIKENETGATE @viragomann
                  last edited by

                  @viragomann So then when this is completed all my internet traffic in and out of the pf Sense will go through the VPN connection unless I tun off the VPN. And will the logging into the VPN that would have been done manually if it was on an individual PC be done automatically with the certificate that I will work on with the supplied instructions (first comment)?

                  This will be my weekend project :) Thanks for your help.

                  1 Reply Last reply Reply Quote 0
                  • V
                    viragomann
                    last edited by

                    To distinguish inbound and outbound connection, outbound connections are initialized by an internal device (on LAN or other internal network) like the web browser on your PC.
                    Inbound connections are initialized from a device outside your network and can only happen if you have firewall rules set on your WAN interface which allow it. Inbound is also possible on a VPN connection, but I'm in doubt your VPN provider forward something to you.

                    So if you have no inbound traffic allowed and run vpn client all your traffic will pass the vpn. If the vpn is down, your traffic goes out to WAN.

                    pfSense starts the vpn connection automatically and keeps it up.

                    I 2 Replies Last reply Reply Quote 0
                    • I
                      ILIKENETGATE @viragomann
                      last edited by

                      @viragomann Thanks for your quick replies. I think this does it until I get started and hopefully it will go smoothly. Thanks again for your help.

                      1 Reply Last reply Reply Quote 0
                      • I
                        ILIKENETGATE @viragomann
                        last edited by

                        @viragomann OK armed with all this information I couldn't wait until the weekend and got it done today. It works but really slows down the internet to about 30-40 MPS from my 150MPS. I guess I'll use the VPN service when I need it by turning it off under the services section. I did tun on the cryptographic engine in the settings since my 3100 has it but I didn't see much of a speed change. BTW for those reading the Vypr VPN customer link in the beginning of this, ignore pasting in the items listed in the advance section. When this was in place I could not connect to the VPN provider. When I removed it I could make the connection.

                        B 1 Reply Last reply Reply Quote 0
                        • B
                          bcruze @ILIKENETGATE
                          last edited by

                          @ILIKENETGATE said in VPN Question:

                          @viragomann OK armed with all this information I couldn't wait until the weekend and got it done today. It works but really slows down the internet to about 30-40 MPS from my 150MPS. I guess I'll use the VPN service when I need it by turning it off under the services section. I did tun on the cryptographic engine in the settings since my 3100 has it but I didn't see much of a speed change. BTW for those reading the Vypr VPN customer link in the beginning of this, ignore pasting in the items listed in the advance section. When this was in place I could not connect to the VPN provider. When I removed it I could make the connection.

                          right. i have to remove several options as well.

                          check your send and receiver buffer. i usually use 256k

                          1 Reply Last reply Reply Quote 0
                          • First post
                            Last post
                          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.