Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    pfSense on vm for remote acccess using vpn

    Scheduled Pinned Locked Moved General pfSense Questions
    6 Posts 4 Posters 740 Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • J
      jolu_itsme
      last edited by

      Hey all,

      I have been wondering if pfSense is suitable to use on a VM and provide a solution for remote access to our network? Currently we have a Ubiquiti USG which doesn't really support a good solution for vpn clients.

      Is it suitable to build a vm on which pfSense can run? And is it capable of providing 20-50 vpn client connections? If so what requirements do i need for a VM?

      V 1 Reply Last reply Reply Quote 0
      • V
        viragomann @jolu_itsme
        last edited by

        @jolu_itsme
        Yes, pfSense runs fine on almost all hypervisor, presumed you set it up according to the docs: https://docs.netgate.com/pfsense/en/latest/virtualization/index.html

        However, as I understand your intention, you want to run pfSense for VPN only, while the router role is on another device.
        When you run a VPN access server which is not the internet router, you have to route the VPN client subnet to the vpn server, so that response packets from local devices are directed back to the vpn server.

        Best practice to do this, is create a transit network between the router and pfSense. On the router you have to add a static route for the VPN clients network pool and point it to pfSense.
        This way you only need a static route on the router. When your local devices respond to vpn clients, they send packets to the router and there the traffic is directed to pfSense.

        1 Reply Last reply Reply Quote 0
        • AndyRHA
          AndyRH
          last edited by

          Another option is to bring up a dedicated VPN server. I run a Ubuntu WG server instead of running WG or OpenVPN on pfSense.

          o||||o
          7100-1u

          1 Reply Last reply Reply Quote 0
          • stephenw10S
            stephenw10 Netgate Administrator
            last edited by

            Either way you would still want to use it on a separate interface on the main router to avoid asymmetric routing.

            Steve

            V 1 Reply Last reply Reply Quote 0
            • V
              viragomann @stephenw10
              last edited by

              @stephenw10 said in pfSense on vm for remote acccess using vpn:

              separate interface on the main router

              May also be a virtual one (VLAN).

              1 Reply Last reply Reply Quote 0
              • stephenw10S
                stephenw10 Netgate Administrator
                last edited by

                Yup, can be a VLAN. pfSense treats a VLAN the same as any other interface.
                It can even be something obscure like PPPoE. Though I would not recommend that unless you have no other choice. 😉

                Steve

                1 Reply Last reply Reply Quote 0
                • First post
                  Last post
                Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.