pfSense on vm for remote access using vpn
-
Hey all,
I have been wondering if pfSense is suitable to use on a VM and provide a solution for remote access to our network? Currently we have a Ubiquiti USG which doesn't really support a good solution for vpn clients.
Is it suitable to build a vm on which pfSense can run? And is it capable of providing 20-50 vpn client connections? If so what requirements do I need for a VM?
-
@jolu_itsme
Yes, pfSense runs fine on almost all hypervisors, presuming you set it up according to the docs: https://docs.netgate.com/pfsense/en/latest/virtualization/index.html
However, as I understand your intention, you want to run pfSense for VPN only, while the router role is on another device.
When you run a VPN access server which is not the internet router, you have to route the VPN client subnet to the vpn server, so that response packets from local devices are directed back to the vpn server.
Best practice to do this is to create a transit network between the router and pfSense. On the router you have to add a static route for the VPN clients network pool and point it to pfSense.
This way you only need a static route on the router. When your local devices respond to vpn clients, they send packets to the router and there the traffic is directed to pfSense.
-
Another option is to bring up a dedicated VPN server. I run an Ubuntu WG server instead of running WG or OpenVPN on pfSense.
-
Either way you would still want to use it on a separate interface on the main router to avoid asymmetric routing.
Steve
-
@stephenw10 said in pfSense on vm for remote access using vpn:
separate interface on the main router
May also be a virtual one (VLAN).
-
Yup, can be a VLAN. pfSense treats a VLAN the same as any other interface.
It can even be something obscure like PPPoE. Though I would not recommend that unless you have no other choice.
Steve
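Added example, not part of any post in this thread: a small Python model of the routing discussed above, comparing pfSense on the LAN (with and without the router's static route for the VPN pool) against pfSense on a transit network. All addresses, prefixes and device names are constructed for illustration.

```python
import ipaddress

def next_hop(routes, dst):
    """Longest-prefix match; routes maps prefix -> next device, None = on-link."""
    ip = ipaddress.ip_address(dst)
    hits = [(ipaddress.ip_network(p), hop) for p, hop in routes.items()
            if ip in ipaddress.ip_network(p)]
    return max(hits, key=lambda h: h[0].prefixlen)[1]

def path(tables, owner, src, dst):
    """Devices a packet crosses from device src towards address dst."""
    hops = [src]
    while hops[-1] != owner[dst] and hops[-1] in tables and len(hops) < 8:
        hop = next_hop(tables[hops[-1]], dst)
        hops.append(owner[dst] if hop is None else hop)
    return hops

def classify(tables, owner, client, host_ip):
    """Compare the VPN client -> LAN host path with the host's reply path."""
    fwd = path(tables, owner, "pfsense", host_ip)
    ret = path(tables, owner, "host", client)
    if ret[-1] != "pfsense":
        return "reply lost", fwd, ret      # reply follows the default route out
    # Asymmetric: the router only sees the reply half of each connection.
    return ("symmetric" if fwd == ret[::-1] else "asymmetric"), fwd, ret

# Constructed addressing: LAN 192.168.1.0/24, VPN pool 10.8.0.0/24,
# transit network 10.0.99.0/30 between router and pfSense.
HOST, CLIENT = "192.168.1.50", "10.8.0.6"
OWNER = {HOST: "host", CLIENT: "pfsense"}  # pfSense terminates the VPN pool
LAN_HOST = {"192.168.1.0/24": None, "0.0.0.0/0": "router"}
ROUTER = {"192.168.1.0/24": None, "0.0.0.0/0": "wan"}
ROUTED = {**ROUTER, "10.8.0.0/24": "pfsense"}        # static route for the pool
ROUTED_TRANSIT = {**ROUTED, "10.0.99.0/30": None}
PF_ON_LAN = {"192.168.1.0/24": None, "0.0.0.0/0": "router"}
PF_TRANSIT = {"10.0.99.0/30": None, "0.0.0.0/0": "router"}

SCENARIOS = {
    "on LAN, no static route": {"host": LAN_HOST, "router": ROUTER, "pfsense": PF_ON_LAN},
    "on LAN, static route": {"host": LAN_HOST, "router": ROUTED, "pfsense": PF_ON_LAN},
    "transit net, static route": {"host": LAN_HOST, "router": ROUTED_TRANSIT, "pfsense": PF_TRANSIT},
}

if __name__ == "__main__":
    for name, tables in SCENARIOS.items():
        verdict, fwd, ret = classify(tables, OWNER, CLIENT, HOST)
        print(f"{name:27} {verdict:11} fwd={'>'.join(fwd)} ret={'>'.join(ret)}")
```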