PfSense behind ISP modem/router combo
-
@cmos_battery said in PfSense behind ISP modem/router combo:
Currently it's using the interface IP address which would probably be the WAN.
Which would be rfc1918, since you're behind a nat - how would you get to that from the public internet?
Think about it for 2 seconds..
I really don't mean to sound rude or anything.. But you put up a drawing showing your pfsense interface as being rfc1918.. How would you get to that from the public internet? So how would you think the interface IP would work?
hint:
Your actual PUBLIC IP! or FQDN that resolves to your public IP.
-
Ok well, thanks for not being rude. My professors haven’t taught me too much on VPN’s seeing as I’m only a sophomore.
And I’m just seeing your hint. Thank you, I had seen other. Again, I’m just a sophomore in a CIS program. Thank you for giving me a learning moment, I haven’t been able to get much lab time with Covid and the professors eased up on our work. We haven’t been getting all the info we really need.
It is working so far within my home network, I have the server's address posted as the Public IP. I'll just need to go out to a close by store and test it.
-
So you have not gone over what a public IP is vs rfc1918 yet? I would think that would be like day 1 or 2 ;) When learning about IPs..
This would be top of the list sort of stuff to understand when working with natting and routing and the internet. ;) Would clearly be a prerequisite for setting up a vpn server that does nat and is connected to the public..
Since pretty much every single home router does nat, well really napt. And uses rfc1918 space as their local network.. Understanding the difference between a public IP and a private IP would be pretty early in the lesson plan ;) Were you sick the first week and missed class? I kid you - but this is basic stuff here..
I have to blame the teacher I guess ;)
-
Unfortunately it's all too easy to come across as either incredibly patronizing or incomprehensible depending on the experience of the questioner.
You said you were seeing packets as expected on the WAN which led me down the wrong path.
Anyway I think that is your issue. As a test I would just set the client to use the external public IP manually and retest. If you can do that at the same time as having a packet capture running on the pfSense WAN (using a phone hotspot for example) you should see that traffic coming in even if the connection fails for some other reason.
Steve
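The point made in this thread (a client config that carries the firewall's RFC1918 WAN address cannot be reached from the internet) can be checked before leaving the house. The script below is an added example, not part of the original posts; it assumes an OpenVPN-style client config with `remote` lines, and the sample config, the addresses in it and the function names are constructed for illustration.

```python
import ipaddress

# Private ranges (RFC 1918) and carrier-grade NAT space (RFC 6598):
# none of these can be dialed from the public internet.
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
CGNAT = ipaddress.ip_network("100.64.0.0/10")

def classify_endpoint(host):
    """Return 'rfc1918', 'cgnat', 'non-routable', 'public' or 'hostname'."""
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        return "hostname"  # FQDN: must resolve to the public IP (not resolved here)
    if addr.version == 4 and any(addr in net for net in RFC1918):
        return "rfc1918"
    if addr.version == 4 and addr in CGNAT:
        return "cgnat"
    if (addr.is_loopback or addr.is_link_local
            or addr.is_unspecified or addr.is_multicast):
        return "non-routable"
    return "public"

def audit_client_config(text):
    """Return (line_no, host, verdict) for every 'remote' directive."""
    findings = []
    for no, line in enumerate(text.splitlines(), 1):
        parts = line.split("#", 1)[0].split()  # drop trailing comments
        if len(parts) >= 2 and parts[0] == "remote":
            findings.append((no, parts[1], classify_endpoint(parts[1])))
    return findings

# Constructed sample: an export that still carries the WAN interface IP.
SAMPLE = """\
client
dev tun
proto udp
remote 192.168.1.2 1194    # WAN address behind the ISP router (constructed)
remote 203.0.113.10 1194   # documentation-range stand-in for the public IP
remote vpn.example.com 1194
"""

if __name__ == "__main__":
    for no, host, verdict in audit_client_config(SAMPLE):
        ok = verdict in ("public", "hostname")
        print(f"line {no}: {host:<16} {verdict:<12}",
              "ok" if ok else "unreachable from the internet")
```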
-
@johnpoz
Most of my classes that teach me that information won't come till the end of my sophomore year, next spring and fall. My entire freshman year and this upcoming fall semester is nothing but stats, business calculus, and low level intro classes like your basic high school classes all over again and for a ton of money.
I don't understand, even in my networking associates why we avoided VPN's so much. I remember briefly doing Public Vs. Private and that we should assume all 10.X.X.X addresses are private and a few others. For the most part we got told "you'll just learn it through the companies you work for." or the even better "If the company is good, you just need to maintain what they have." That's a great fantasy scenario from my professors, I mean really. What would I do if a branch popped up and my boss asked for them to get remote connection to the servers. I can't just say I don't know. At the same time, yeah I feel like a dumbass having to ask some questions here that I feel like my $30K degree should have taught me.
-
One thing to bear in mind is there's nothing magic about VPNs. They're just one way to establish an IP connection between sites. Once they're set up, you use them as you would any other connection. Years ago, things like frame relay and fractional T1s were used. These days, out in the real world, you might come across MPLS or QinQ VLANs. As for setting up VPNs, you have to know which one and the specifics depend on the brand. For example pfsense supports OpenVPN, IPSec and Wireguard VPNs. But the details of configuring IPSec, for example, on Cisco would differ from pfsense. I don't know that a class such as yours is the place to learn more than general principles, though you may get into setting up one. But when you get out into the real world, you could easily find yourself working with another. The principles will remain the same, but the details may differ and you'd be expected to work those out on your own. One thing I complained about years ago was the schools teaching Windows and Microsoft Office, rather than operating systems and office apps, so that a person would have portable skills. It's sort of like an auto mechanic class teaching only one make of vehicle, as though the others didn't exist.