pfSense as VPN tunnel only, not a FW
-
Hi
I am running pfSense as a VM on Hyper-V but do not wish to use it as a FW, only as a means by which to establish a VPN tunnel back to HQ. The physical internet router is going to be the configured gateway for all clients and will also provide routing tables directing clients to the pfSense gateway as necessary. However, pfSense wants two interfaces, a WAN and a LAN. I'm in a pickle over concepts.
Possible? Thanks
-
If you only want a VPN, why do you even need pfsense? You can run a VPN on any computer. However, running the VPN on the router makes using the VPN easier, as it's on the default route.
-
@nadj said in pfSense as VPN tunnel only, not a FW:
However, pfSense wants two interfaces, a WAN and a LAN.
Why do you think so?
If the machine provides only one NIC, pfSense will call it WAN and allow access to the web configurator on it by default.
So you can log in on the GUI and configure the VPN.
-
@viragomann Interesting, I followed the guide for setting it up and didn't think. Thanks
-
@jknott - The idea was that in the future it would become a full FW/VPN gateway
-
The problem with not using it as the gateway now is you have to route the traffic to the VPN when it's not on the default route. I don't know that you can do that with DHCP clients. If it was the default route then pfsense would sort out where the packets are supposed to go.
-
Yup you can just use one interface.
Yes, having two routers in one subnet is a recipe for asymmetry.
https://docs.netgate.com/pfsense/en/latest/troubleshooting/asymmetric-routing.html#troubleshooting-asymmetric-routing
If you disable pf entirely in pfSense it won't care, but your other router should if it's a proper stateful firewall. The correct way to do that is to use a separate transport subnet between pfSense and the other firewall that doesn't have any clients in it.
Steve
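
Added example, not part of the original thread: a small Python model of the two layouts discussed above, tracing the forward and return path of a client-to-HQ flow to show when the stateful router sees only one direction. All addresses and node names are constructed, and the VPN tunnel is simplified to pfSense being directly attached to the HQ network.

```python
from ipaddress import ip_address, ip_network

# Constructed sample networks (assumptions, not from the thread).
LAN, HQ, TRANSIT = "192.168.1.0/24", "10.0.0.0/24", "192.168.254.0/30"

def topology(pf_addr, pf_nets, pf_routes, router_addrs, router_nets):
    """Four-node model; only the placement of pfSense and the router differs."""
    return {
        "client":  {"addrs": ["192.168.1.50"], "nets": [LAN],
                    "routes": {"0.0.0.0/0": "router"}},
        "router":  {"addrs": router_addrs, "nets": router_nets,
                    "routes": {HQ: "pfsense"}},
        "pfsense": {"addrs": [pf_addr], "nets": pf_nets, "routes": pf_routes},
        "hq":      {"addrs": ["10.0.0.10"], "nets": [HQ],
                    "routes": {LAN: "pfsense"}},
    }

# pfSense shares the client subnet with the router (two routers, one subnet).
FLAT = topology("192.168.1.2", [LAN, HQ], {}, ["192.168.1.1"], [LAN])
# pfSense sits behind the router on a transport subnet with no clients in it.
TRANSPORT = topology("192.168.254.2", [TRANSIT, HQ], {LAN: "router"},
                     ["192.168.1.1", "192.168.254.1"], [LAN, TRANSIT])

def trace(topo, src, dst_ip):
    """Return the nodes a packet visits going from node `src` to `dst_ip`."""
    dst = ip_address(dst_ip)
    owner = {ip_address(a): n for n, d in topo.items() for a in d["addrs"]}
    path, node = [src], src
    while owner[dst] != node:
        here = topo[node]
        if any(dst in ip_network(n) for n in here["nets"]):
            node = owner[dst]  # destination is on-link: deliver directly
        else:  # otherwise forward by longest-prefix match
            hits = [p for p in here["routes"] if dst in ip_network(p)]
            node = here["routes"][max(hits, key=lambda p: ip_network(p).prefixlen)]
        path.append(node)
        if len(path) > 16:
            raise RuntimeError("routing loop")
    return path

def router_sees_both_directions(topo):
    """True when the stateful router is on the forward AND the return path."""
    fwd = trace(topo, "client", "10.0.0.10")
    rev = trace(topo, "hq", "192.168.1.50")
    return "router" in fwd and "router" in rev

if __name__ == "__main__":
    for name, topo in (("flat", FLAT), ("transport", TRANSPORT)):
        print(name, trace(topo, "client", "10.0.0.10"),
              trace(topo, "hq", "192.168.1.50"), router_sees_both_directions(topo))
```

In the flat layout the reply goes from pfSense straight to the client because both are on-link, so the router never sees it; with the transport subnet both directions cross the router.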