Routing OpenVPN to LAN
-
@gblenn said in Routing OpenVPN to LAN:
So the suggestion is to make the wifi-router into a simple AP, only using it's switching and wifi capabilities.
as he described in his 1st post
A wifi router is connected to the pfSense LAN itnerface to which all the home devices are connected in.
the suggestion ist TRUE turn that "wifi router" into an dumb access point served by everything on the IP side needed by pfS (DNS / Gateway / NTP / IP /) and let everything else handle pfS for the clients (dhcp / DNS )
-
@viragomann said in Routing OpenVPN to LAN:
@gblenn
No, in his first post, which I referred to, he mentioned, the wifi is connected to pfSense LAN.Anyway, also if the wifi was connected to WAN it would be possible. Same way, but masquerading on pfSense would be necessary.
But yeah, I agree that setting the wifi into AP mode is best practice to achieve what he intend, but sadly he has obviously trouble setting that up properly.
Precisely, the wifi-router is and should be connected to pfsense LAN. I suppose the whole idea with pfsense here, was to take that step up in the world, away from a simple wifi-router...
BUT the cable shouldn't go to the wifi-routers WAN port, it should go into the LAN port. Just that DHCP needs to be disabled on the wifi-router and the LAN IP needs to be changed on it as well.
-
yep should do the trick ...
set wifi thing (tha router) to dhcp and disable router function)
turn dhcp on pfS on
cable from lan pfS to lan wifi thing (if there is no LAN port use WAN but disable router function first) -
@gblenn said in Routing OpenVPN to LAN:
@irondog Ok, as I read it you have pfsense set up pretty much default in this regard, which means DHCP is active.
-
Connected to your pfsense, log in and go to Services > DHCP Server and look for the item called Range.
Check that it reads something like 192.168.1.100 and 192.168.1.199
This means that you can use anything outside of that range for any devices that you want to have a Static IP (like your wifirouter). -
Now connect to and log in to your wifirouter (what model is it btw?), and find the basic Network settings where you see the IP address you used in the web browser to log in.
2.1 First, check again to make sure the DHCP Server is turned off. It should be greyed out or empty. If not turn it off...
2.2. Now change the IP address of the router to 192.168.1.10 or something where the last number is unique and not 1 since that is owned by pfsense now. Click save and the router will likely reboot automatically. -
Make sure the LAN cable goes from pfsense LAN > wifi router LAN (not WAN). And connect your PC to any of the other LAN ports on the wifi router. To simplify things, you could place a switch in between so you don't have to move cables around. Connect pfsense LAN > switch and then connect both your PC and wifi router (LAN port) to that switch.
-
You should now be able to log in to pfsense using 192.168.1.1 AND to your wifi router on 192.168.1.10.
Thanks I will try this evening. What about the ISP modem router? it also has DHCP.... wifi router is the TP LINK AX50. Thanks again!
-
-
ISP Modem delivers dhcp to your pfS wan interface
Do not use the same ip Adress range on your Lan pfS interface
Worst case you got 2x NAT for starters but everything will work out of the box
-
@irondog If the ISP modem has the ability to do "bridging" then I suggest you set it up like that. This means that it will simply pass thru the WAN to one (probably specific) LAN port. Check the manual for that, but that would be your best option.
Alternatively, as @noplan said, set a different IP (192.168.10.1) on it, so that the WAN on pfsense is different. The next thing could be to make sure pfsense is getting a Static IP (also set in the ISP device). Finally, find a setting under NAT, Security or Firewall which is called DMZ and set the IP to point at pfsense. This will open up the ISP router so it interferes as little as possible.
-
@irondog said in Routing OpenVPN to LAN:
wifi router is the TP LINK AX50. Thanks again!
First, to disable the DHCP server go to Advanced > Network > DHCP and uncheck the box
Second, to change the IP on the LAN side, go to Advanced > Network > LAN
Type in the IP as in my instructions and click Save. That should do it... -
@gblenn thanks will try during the weekend and let you know!
-
Dear all, tried this weekend and everything is working perfectly!
Only one thing was not working correctly was the pfSense WAN IPv4 configuration type that for some reason was set to none (I had no internet from the wifi router LAN) but figured out by myself how to fix putting DHCP.
Thanks everyone for the the help, very much appreciated! -
cool !
-
Hi guys, one thing I noticed (maybe was present also on the previous setup but I did not notice) is that the new configuration takes some time to start loading the webpages (any webpage) and then it is super fast to present the content as usual (I have a 2.5G fiber). My little network understanding is that this delay can be caused by the DNS resolving the IP not in the right way. How can I check if this is the case and what is the best configuration of the DNS in my setup? My pfSense is basically stock... thanks!
-
@irondog As default, pfsense is using the resolver, under Services > DNS Resolver. It makes it's requests towards root servers which will likely be slower than using e.g. google or cloudflare's DNS servers.
If that is a concern, or you want to use DNS Servers which provide safeguards against malicious sites or block certain site categories, you need to change it to use forwarder mode. There's a tick box under DNS Resolver where you activate this. The servers it will then use are the one's you list under System > General Setup > DNS Servers.
-
@irondog said in Routing OpenVPN to LAN:
DNS in my setup
please open another topic !
gonna be a lot of people to help u yout with dns issuesbr NP
