• Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login
Netgate Discussion Forum
  • Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login

pfSense on vm for remote acccess using vpn

Scheduled Pinned Locked Moved General pfSense Questions
6 Posts 4 Posters 739 Views
Loading More Posts
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • J
    jolu_itsme
    last edited by May 24, 2022, 1:56 PM

    Hey all,

    I have been wondering if pfSense is suitable to use on a VM and provide a solution for remote access to our network? Currently we have a Ubiquiti USG which doesn't really support a good solution for vpn clients.

    Is it suitable to build a vm on which pfSense can run? And is it capable of providing 20-50 vpn client connections? If so what requirements do i need for a VM?

    V 1 Reply Last reply May 24, 2022, 2:24 PM Reply Quote 0
    • V
      viragomann @jolu_itsme
      last edited by May 24, 2022, 2:24 PM

      @jolu_itsme
      Yes, pfSense runs fine on almost all hypervisor, presumed you set it up according to the docs: https://docs.netgate.com/pfsense/en/latest/virtualization/index.html

      However, as I understand your intention, you want to run pfSense for VPN only, while the router role is on another device.
      When you run a VPN access server which is not the internet router, you have to route the VPN client subnet to the vpn server, so that response packets from local devices are directed back to the vpn server.

      Best practice to do this, is create a transit network between the router and pfSense. On the router you have to add a static route for the VPN clients network pool and point it to pfSense.
      This way you only need a static route on the router. When your local devices respond to vpn clients, they send packets to the router and there the traffic is directed to pfSense.

      1 Reply Last reply Reply Quote 0
      • A
        AndyRH
        last edited by May 24, 2022, 2:29 PM

        Another option is to bring up a dedicated VPN server. I run a Ubuntu WG server instead of running WG or OpenVPN on pfSense.

        o||||o
        7100-1u

        1 Reply Last reply Reply Quote 0
        • S
          stephenw10 Netgate Administrator
          last edited by May 24, 2022, 9:19 PM

          Either way you would still want to use it on a separate interface on the main router to avoid asymmetric routing.

          Steve

          V 1 Reply Last reply May 24, 2022, 9:23 PM Reply Quote 0
          • V
            viragomann @stephenw10
            last edited by May 24, 2022, 9:23 PM

            @stephenw10 said in pfSense on vm for remote acccess using vpn:

            separate interface on the main router

            May also be a virtual one (VLAN).

            1 Reply Last reply Reply Quote 0
            • S
              stephenw10 Netgate Administrator
              last edited by May 24, 2022, 9:58 PM

              Yup, can be a VLAN. pfSense treats a VLAN the same as any other interface.
              It can even be something obscure like PPPoE. Though I would not recommend that unless you have no other choice. 😉

              Steve

              1 Reply Last reply Reply Quote 0
              6 out of 6
              • First post
                6/6
                Last post
              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.
                This community forum collects and processes your personal information.
                consent.not_received