Accessing via cloud service
The problem I'm facing is as follows:
I have a 4G router connected to a pfSense box and 30 devices connected, including smart devices, and everything works just fine. However, I now have a need to remote in to devices on my network, but as a 4G router it has no ability to access like a cable / DSL service would.
I decided the best route to take would be to spin up a pfSense box on a cloud service (I used Vultr), then set up a VPN connection between my home pfSense box and the cloud-based pfSense. I would then VPN to the cloud service and from there I would then be able to access my home network.
Does anyone have a guide or suggestion on how I can make this work? I will still want all traffic on the network going through the default home gateway, so the only traffic going through the cloud would be an RDP connection.
Thanks in advance,
There are several ways to do this but I would just VPN from your client to the cloud pfSense as you said. As long as the other site-to-site VPN is up you would then have access to any subnet it is routing to, probably the complete LAN subnet at the remote pfSense. You would just need to make sure the correct subnets are routed and firewall rules exist.
You could also just port forward to it from the cloud pfSense but obviously using all VPNs is much safer.
Sorry for the delay in my reply. It's not exactly like that as it's not really a true site-to-site scenario.
The company I'm doing this work for are on a farm with no landline broadband, so I've got them set up using a TP-Link Archer MR600 4G router which is connected to a pfSense box. Speeds of around 35Mbps, so enough for their needs.
As I can't directly VPN into their box because of carrier CGNAT, I need to connect their pfSense box to a cloud-based pfSense. This cloud pfSense would then also have a road warrior VPN connection using RADIUS and 2FA, to allow me to connect to my client's network for remote support.
I have signed up with Vultr as they support pfSense and it's only $5 per month.
Any further help would be greatly appreciated.
Yeah, that's still site-to-site from the farm to the cloud. Then Remote Access to the cloud from your client and you can get access to the farm LAN subnet.
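
The replies above come down to "the correct subnets are routed and firewall rules exist". The following is an added example, not posted by anyone in the thread, that checks a planned layout for those points before it is entered into either pfSense box. The node names, plan format and all addresses are hypothetical.

```python
import ipaddress as ip

def check_plan(plan):
    """Return a list of problems found in the VPN plan (empty list = OK)."""
    nets = {name: ip.ip_network(cidr) for name, cidr in plan["networks"].items()}
    routes = {node: [ip.ip_network(r) for r in rs]
              for node, rs in plan["tunnel_routes"].items()}
    problems = []

    # Overlapping subnets make routing ambiguous on the cloud box.
    names = sorted(nets)
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            if nets[a].overlaps(nets[b]):
                problems.append(f"overlap: {a} / {b}")

    def routed(node, target):
        # A default route does not count here; it is checked separately below.
        return any(r.prefixlen and target.subnet_of(r) for r in routes.get(node, []))

    # Forward path: remote client -> cloud -> farm LAN.
    for node in ("remote_client", "cloud"):
        if not routed(node, nets["farm_lan"]):
            problems.append(f"{node}: no route to farm_lan")
    # Return path: the farm box must send replies for the remote-access pool into the tunnel.
    if not routed("farm", nets["remote_access_pool"]):
        problems.append("farm: no return route to remote_access_pool")
    # Only support traffic should use the tunnel; farm internet stays on the 4G gateway.
    if any(r.prefixlen == 0 for r in routes.get("farm", [])):
        problems.append("farm: default route sent through tunnel")

    # Firewall on the cloud box: RDP from the pool to the farm LAN, nothing wider.
    rules = plan["cloud_rules"]
    want = (plan["networks"]["remote_access_pool"], plan["networks"]["farm_lan"], 3389)
    if want not in rules:
        problems.append("cloud: no RDP pass rule for remote_access_pool -> farm_lan")
    if any(port == "any" for _, _, port in rules):
        problems.append("cloud: pass rule allows any port")
    return problems

# Constructed sample plan; every address is made up for illustration.
GOOD_PLAN = {
    "networks": {"farm_lan": "192.168.10.0/24", "site_tunnel": "10.8.0.0/30",
                 "remote_access_pool": "10.9.0.0/24"},
    "tunnel_routes": {"remote_client": ["192.168.10.0/24"],
                      "cloud": ["192.168.10.0/24"],
                      "farm": ["10.9.0.0/24"]},
    "cloud_rules": [("10.9.0.0/24", "192.168.10.0/24", 3389)],
}

if __name__ == "__main__":
    print(check_plan(GOOD_PLAN) or "plan OK")
```

The return-route check is the one most often missed: without it the farm box sends replies to the remote-access pool out of its 4G gateway instead of back through the tunnel.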