First time setting up a site-to-site VPN with OpenVPN over pfSense
-
Hi all,
I have to create a site-to-site VPN and I would like to use OpenVPN over pfSense. I have already used OpenVPN, but not for a site-to-site cfg; unfortunately, I have never used pfSense.
I imagine I would have, at both sites:
- a router connected to the internet
- behind the router, a PC as "firewall + endpoint of the site-to-site VPN"
- behind the firewall/endpoint, the LAN
I am thinking of using a very normal PC as hardware (simply 2 eth cards, one to connect to the router, the other one to the LAN), formatted, emptied and without any OS initially installed.
I found several useful guides on the web and, in the end, I guess the steps to follow should be these (please correct me where I go wrong):
- install pfSense (guide here https://docs.netgate.com/pfsense/en/latest/install/installing-pfsense.html) on my PC
- on the same PC, install OpenVPN: could you please post a good guide?
- set up the site-to-site VPN with OpenVPN: could you please post a good guide?
My questions are:
- Does the above configuration make sense?
- Do I have to ask my internet provider for some special/particular configuration on their router (no NAT or something else...) to let my cfg run?
Thanks to all!
-
The best and easiest way is to use pfSense as your edge router, not as a plain OpenVPN server behind any existing router.
Check:
https://www.netgate.com/resources/videos/site-to-site-vpns-on-pfsense.html
https://www.netgate.com/resources/videos/advanced-openvpn-on-pfsense-24.html
and the documentation: https://docs.netgate.com/pfsense/en/latest/book/openvpn/index.html
-Rico
-
Thank you @Rico for your reply.
I will read it soon!
Then I should connect the internet cable directly to the WAN port of the pfSense.
If I use pfSense in place of the ISP router:
Do you think I should ask my internet provider for the line parameters to be set up on pfSense?
Or maybe do I have to set up some other special configuration on the pfSense because I use it in place of the ISP router?
Thanks!