Multiple public Static addresses
My internet service provider gives blocks of public static IP addresses. I want to set up a router as a Wireguard VPN server so I can have my own VPN and install this VPN on the client’s router and assign to each client’s router a public static IP from the block my ISP gives me.
Can I do this with Pfsense software? If so, is there any video or tutorial on how to do this?
@erdeed I'm not entirely sure I'm understanding exactly your thoughts here, but perhaps it's something like this:
You want to have clients using VPN to come in via pfsense and then be directed out on the internet again on each IP depending on which client it is. So their "public IP" is now one of your IP's from the block, not their own? Sort of what you get when subscribing to NordVPN etc.
So you have one physical interface with a block of IP's from your ISP with N IP's available. The key here would be that you also need matching interfaces in pfsense.
If you have enough physical ports on your pfsense machine, you could simply put a switch in front of pfsense and connect ISP-cable to port 1 and the other ports 2-N to your WAN ports on pfsense. Each interface will have a unique MAC and therefore get assigned individual IP's from your ISP.
If you only have one WAN port on pfsense, you need to use VLAN instead. So using a managed switch you can create a matching number of VLAN's, and using only two ports on the switch where you basically allow the switch to TRUNK all VLAN's towards pfsense.
Switch port 1 to pfsense (VLAN Trunk ID 1, 10, 11, 12, 13, 14 etc)
So fiber to switch port 2 (fiber/cable in) (set it to VLAN TRUNK untagged I suppose??)
In pfsense you create VLAN's and assign them all to the one WAN interface, and make sure again that they each have an individual MAC address. Then you should be getting one IP per virtual WAN interface...
Whether you set up your VPN server in pfsense or have it running on a server on your LAN probably doesn't matter. It's perhaps more a matter of compute resources...
But in pfsense you need to define policy routing rules to make sure each individual VPN-tunnel-IP is routed out the desired interface.
I might have missed something here but I think that should cover it...
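
The per-tunnel-IP policy routing described in the reply above, as an added example that is not part of the original thread and is not pfSense's own generated ruleset: it validates a client-to-public-IP map and prints FreeBSD pf rules of the kind such a setup needs, ending with a rule that drops tunnel addresses that have no mapping so they cannot leave through another WAN. The address block (RFC 5737 documentation range), tunnel subnet, gateway and the interface names `wg0`, `vlan10` and `vlan11` are assumptions.

```python
import ipaddress

# Constructed sample values: RFC 5737 documentation block, hypothetical
# interface names and tunnel subnet. None of these come from the thread.
BLOCK = "203.0.113.0/29"
TUNNEL_NET = "10.6.0.0/24"
WG_IF = "wg0"
GATEWAY = "203.0.113.1"
CLIENTS = [  # (tunnel IP, public IP, WAN interface assumed to hold that IP)
    ("10.6.0.2", "203.0.113.2", "vlan10"),
    ("10.6.0.3", "203.0.113.3", "vlan11"),
]


def build_rules(clients, block=BLOCK, tunnel_net=TUNNEL_NET,
                wg_if=WG_IF, gateway=GATEWAY):
    """Validate the client-to-public-IP map and return pf rule lines."""
    block_net = ipaddress.ip_network(block)
    tun_net = ipaddress.ip_network(tunnel_net)
    gw = ipaddress.ip_address(gateway)
    seen_tunnel, seen_public = set(), set()
    nat_rules, pass_rules = [], []
    for tunnel_ip, public_ip, wan_if in clients:
        t = ipaddress.ip_address(tunnel_ip)
        p = ipaddress.ip_address(public_ip)
        if t not in tun_net:
            raise ValueError(f"{t} is outside the tunnel subnet {tun_net}")
        if p not in block_net or p == gw:
            raise ValueError(f"{p} is not a usable address in {block_net}")
        if t in seen_tunnel or p in seen_public:
            raise ValueError(f"duplicate mapping for {t} -> {p}")
        seen_tunnel.add(t)
        seen_public.add(p)
        # Source-NAT this client's traffic to its own public address.
        nat_rules.append(f"nat on {wan_if} inet from {t} to any -> {p}")
        # Policy route: force traffic from this tunnel IP out its WAN.
        pass_rules.append(
            f"pass in quick on {wg_if} route-to ({wan_if} {gateway}) "
            f"inet from {t} to any keep state")
    # 'quick' rules match first, so only unmapped tunnel IPs reach this drop.
    drop = f"block in quick on {wg_if} inet from any to any"
    return nat_rules + pass_rules + [drop]


if __name__ == "__main__":
    print("\n".join(build_rules(CLIENTS)))
```

On pfSense itself these correspond to per-client outbound NAT entries and firewall rules on the VPN interface with the gateway set, configured in the GUI rather than written by hand.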