Running two VPN on one pfsense firewall/device
-
Hello there!
First, I would like to say that I'm completely new to networking and firewalls but I'm confident that I can learn what I need to know :)
I just want to know if it is possible to have this configuration with a pfSense installed on a Protectli firewall:
- One OpenVPN instance that allows me to access my local network from anywhere (mainly to use my workstation remotely)
- ProtonVPN configured on the firewall so that all my traffic is encrypted (I already know how to do this part)
Do you think it will be possible to do this? I guess that when I use the OpenVPN instance to remotely connect to my local network from my laptop, all my internet traffic will go through this OpenVPN instance too, so through ProtonVPN also?
Thank you in advance for your help.
-
@nbstackpie
Yes, you can have multiple concurrent VPN connections, also multiple OpenVPNs. However, connecting remotely to your home and routing the internet traffic over the VPN for the benefit that it is routed to a VPN provider makes no sense to me, even if it would be possible.
Why want you run a ProtonVPN on your laptop and direct upstream traffic directly over it? This should as well be possible, while you have a VPN connection to your home network. For running a VPN server at home, ensure that you have a public IP and access to it is allowed by the provider.
-
@viragomann Hi, thank you for your answer.
So I have no interest in using the ProtonVPN by connecting to my local network with my laptop through a VPN, since I can connect to ProtonVPN directly with my laptop. I just wanted to know that if I connect to my local network, my internet traffic may go through also this network (VPN + ProtonVPN) or if it's two separate things.
The main goal here is to securely access my workstation so I can run my code on it and access the results. So if at home all my traffic is going through ProtonVPN, it means that I don't have a public IP anymore to connect from a remote laptop to my local network?
Thank you for your help.
-
@nbstackpie said in Running two VPN on one pfsense firewall/device:
I just wanted to know that if I connect to my local network, my internet traffic may go through also this network (VPN + ProtonVPN) or if it's two separate things.
Yes, this should be possible.
By default the ProtonVPN server will push the default route to you when connecting. This means any traffic to destinations outside of the laptop's local network will go to the ProtonVPN server.
If you also establish a connection to your home VPN server, this pushes the routes for your home LANs to you. When multiple routes are overlapping, the one for the smaller subnets wins. Hence traffic to your home LANs would be directed to the home VPN server.
So if at home all my traffic is going through ProtonVPN, it means that I don't have a public IP anymore to connect from a remote laptop to my local network?
Not really. All your upstream traffic would go out over ProtonVPN and hence will be seen with a ProtonVPN IP on the internet, but your router's WAN still keeps the public IP and you can connect to it from outside.
-
@viragomann I see! Amazing, thank you so much for your help.
Last question to see if I understand VPNs and subnets correctly. Imagine that I am on a public network and my laptop is connected to the internet through a ProtonVPN server. If I connect to my private VPN to access my local network at home, it means that this connection will go through the ProtonVPN server too (like encapsulated, VPN inside a VPN), or my computer will switch to use my private VPN as internet access? It's just to see if I understand correctly, not trying to do anything with that.
-
@nbstackpie said in Running two VPN on one pfsense firewall/device:
If I connect to my private VPN to access my local network at home, it means that this connection will go through the ProtonVPN server too (like encapsulated, VPN inside a VPN)
Yes, that's right.
If you have established the home connection already and then connect to ProtonVPN, the home VPN will probably fail and you have to reconnect, but then through ProtonVPN.
This could only be avoided by a static route on the laptop, which points the home WAN IP to the laptop's WAN gateway. But this requires a static home WAN IP or has to be repeated every time when connecting to the home (the OpenVPN client is capable of executing a script before connecting). From this point of view, however, it might be easier to direct the whole internet traffic over the home VPN, where it goes out over ProtonVPN, as you mentioned before.
-
@viragomann Thank you for these explanations, everything is clear now :)
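-
Added example, not part of the thread: a small longest-prefix-match model of the laptop's routing table, showing why home-LAN traffic takes the home VPN while the home VPN's own packets ride inside ProtonVPN unless the home WAN IP is pinned with a host route. All addresses and interface names are constructed, and it is an assumption that the provider's default route arrives as the two /1 routes of OpenVPN's `redirect-gateway def1`.

```python
import ipaddress

def lookup(table, dst):
    """Longest-prefix match: return (prefix, interface) chosen for dst."""
    addr = ipaddress.ip_address(dst)
    hits = [(ipaddress.ip_network(p), dev) for p, dev in table
            if addr in ipaddress.ip_network(p)]
    net, dev = max(hits, key=lambda h: h[0].prefixlen)
    return str(net), dev

# Constructed values (documentation/private ranges), all assumptions:
HOME_WAN = "203.0.113.10"      # public IP on the pfSense WAN
HOME_LAN = "10.20.0.0/24"      # LAN behind pfSense
PROTON_SRV = "198.51.100.7"    # VPN provider endpoint

BASE = [("0.0.0.0/0", "wlan0"),          # default route from public Wi-Fi
        ("192.168.43.0/24", "wlan0")]    # laptop's local network
PROTON = [("0.0.0.0/1", "tun-proton"),   # pushed "default route", split
          ("128.0.0.0/1", "tun-proton"), # in two halves to beat 0.0.0.0/0
          (PROTON_SRV + "/32", "wlan0")] # provider endpoint stays outside
HOME = [(HOME_LAN, "tun-home")]          # routes pushed by the home server
PIN = [(HOME_WAN + "/32", "wlan0")]      # static host route from the thread

def paths(table):
    """Interface used for three representative destinations."""
    return {"internet": lookup(table, "192.0.2.80")[1],
            "home LAN host": lookup(table, "10.20.0.50")[1],
            "home VPN transport": lookup(table, HOME_WAN)[1]}

def nested(table):
    """True if packets to the home WAN IP enter the ProtonVPN tunnel."""
    return lookup(table, HOME_WAN)[1] == "tun-proton"

if __name__ == "__main__":
    for name, tbl in [("both VPNs", BASE + PROTON + HOME),
                      ("both VPNs + pinned route", BASE + PROTON + HOME + PIN)]:
        print(name, paths(tbl), "nested:", nested(tbl))
```

On a real laptop the same decision can be read from the operating system's routing table after each VPN connects; the model only reproduces the prefix-length comparison.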