Pfsense behind ADSL Modem/Router Packages, upgrades, ipsec
-
I just moved to Germany and am having to deal with DSL for the first time. I have an ADSL modem/router that doesn't have a bridge mode. Furthermore, the router's web management is in German, which makes setup interesting ;). I have read several posts talking about various issues related to multiple routers, but couldn't find anything that would solve my issues. I'm trying to accomplish 3 things:
1) update my pfsense box
2) install packages
3) Set up an ipsec tunnel (endpoint to endpoint). Is this even possible from behind a router without a public IP?
I have a feeling that DNS forwarder is my answer but am not sure how to set it up properly. My network setup is as follows:
Internet -> ADSL modem/router -> Lan 1 -> pfsense WAN -> pfsense LAN -> Lan 2
outside IP -> 92.168.1.1/24 -> 192.168.1.* -> 192.168.1.55 -> 192.168.3.1/16 -> 192.168.3.*
Any help would be greatly appreciated,
-V -
I run pfSense behind an ADSL modem/router. A couple of months ago I tried to get the modem/router to operate in bridged mode but wasn't successful, so I reverted to operating it as a router.
Unless I've misinterpreted your configuration information it appears you may have an illegal configuration. You haven't specified the network mask of the pfSense WAN interface: the mask of the two interfaces should be such that the two interfaces are on different networks, for example WAN is 192.168.1.55/24 and LAN is 192.168.3.1/24.
Let's look at your task 1: To update your pfSense box (presumably from a web browser running on a system on Lan 2). How will that system get the IP address of a named system? It has to have the IP address of a name server. How will it get that address? You have to configure it or, if the system gets its IP address by DHCP, the DHCP server can tell it the IP address of the name server. If pfSense is the DHCP server then you must configure the name server IP address in Services -> DHCP server or in System -> General Setup.
For the name server you could use your ISP's name server (the address is probably displayed somewhere on an ISP 'configuration help' page but that may not be much help if your German isn't very good) or one like OpenDNS (see http://www.opendns.com) which provides some neat features and reporting. If your ISP provides your IP address by DHCP then it probably also provides IP addresses of name server(s).
I use the OpenDNS name server. I have the pfSense DNS forwarder enabled, I have Register DHCP static mappings in DNS forwarder enabled and I have pfSense acting as a DHCP server for all systems "downstream" of pfSense.
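The overlap described in the reply above can be checked mechanically. This is an added example, not part of the original post: it compares the WAN and LAN networks as posted in the question with the values suggested in the reply. The /24 mask on the WAN side and the sample Lan 1 host 192.168.1.10 are assumptions.

```python
import ipaddress
from itertools import combinations


def networks(interfaces):
    """Map interface name -> the network implied by its address/mask."""
    return {name: ipaddress.ip_interface(cidr).network
            for name, cidr in interfaces.items()}


def overlapping_interfaces(interfaces):
    """Return (name_a, name_b, net_a, net_b) for each overlapping pair."""
    nets = networks(interfaces)
    return [(a, b, str(nets[a]), str(nets[b]))
            for a, b in combinations(nets, 2)
            if nets[a].overlaps(nets[b])]


def connected_matches(dest, interfaces):
    """Names of interfaces whose directly connected network contains dest.
    More than one match means the firewall cannot tell which side dest is on."""
    addr = ipaddress.ip_address(dest)
    return [name for name, net in networks(interfaces).items() if addr in net]


# As posted in the question; the WAN mask was not given, /24 is assumed here.
AS_POSTED = {"WAN": "192.168.1.55/24", "LAN": "192.168.3.1/16"}
# The example values given in the reply.
AS_SUGGESTED = {"WAN": "192.168.1.55/24", "LAN": "192.168.3.1/24"}
# Constructed sample host on Lan 1 (192.168.1.*), for illustration only.
LAN1_HOST = "192.168.1.10"

if __name__ == "__main__":
    for label, cfg in (("as posted", AS_POSTED), ("as suggested", AS_SUGGESTED)):
        print(label)
        print("  overlaps:", overlapping_interfaces(cfg) or "none")
        print("  %s is on: %s" % (LAN1_HOST, connected_matches(LAN1_HOST, cfg)))
```

With the /16 mask, the LAN interface claims all of 192.168.0.0/16, which contains the WAN network, so a Lan 1 host appears to be on both sides of the firewall.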
-
Thank you for your reply,
I should have specified my setup a bit further. I have pfsense as the DHCP server for my network. It is also providing opendns to all clients. The first router is only providing internet service to the pfsense box. I also forwarded ports 1-5000 to the pfsense box from the ADSL router. Under the general tab, I set up opendns in the dns fields and unchecked the "Allow DNS server list to be overridden by DHCP/PPP on WAN" box. A reboot fixed my inability to upgrade my router and get packages. I am not using the dns forwarder for anything.
Now, my only issue is ipsec? Is an endpoint to endpoint ipsec tunnel even possible without a public address? If so, how do you specify the pfsense box on the first network? Is it just a matter of forwarding the IPSEC ports to the pfsense box? This is an issue I have never experimented with and will have a hard time working on since the other endpoint is in the States.
This post may need to be relocated to the VPN section.
Thank you for your help,
-V -
Post relocated to http://forum.pfsense.org/index.php/topic,17568.msg90888.html#msg90888