Newbie pfSense user - configuration using DMZ
-
hi all, hope you are fine.
I have been working with pfSense since last week to try to make it work using the DMZ IP on the WAN interface.
I am doing it like that because my ISP just gives me a public IP and they redirect it to the DMZ IP with all ports open.
I installed pfSense in a virtual machine in Hyper-V, with two adapters: a WAN adapter where the DMZ is configured and a LAN adapter with a random virtual switch generated in Hyper-V.
Knowing that, how can I configure OpenVPN in pfSense to make it work? Is it possible? I am not a network expert.
What I tried till this point did not work.
-
So you are forwarding all traffic to the pfSense WAN IP in your ISP router?
If so you should be able to run an OpenVPN server there.
What did you try? How did it fail?
Steve
-
@stephenw10 Hi, my ISP gave me a DMZ IP 192.168.100.200 255.255.255.0 192.168.100.1, and that DMZ IP receives all traffic from my public IP with no port restriction.
- Installed pfSense 2.7 in Hyper-V with two network adapters, WAN (internet) and LAN (Hyper-V virtual switch).
- Configured the WAN interface in the pfSense dashboard with the DMZ IP, subnet, gateway and corresponding DNS.
- Configured the LAN interface with a random network range (this will be the one the other virtual machines will use).
- Created the OpenVPN server using the wizard:
  - select type of server: local user access.
  - create a new Certificate Authority for the server.
  - create the server certificate.
  - server setup: select protocol TCP IPv4 and IPv6 on all interfaces, Interface WAN, local port 1194, tunnel settings IPv4 tunnel network 10.0.8.0/24, IPv4 local network 192.168.1.0/24 and the rest of the settings by default.
  - select and create both firewall traffic rules, from clients to server and from clients through VPN.
  - create a new user, selecting the internal certificate authority previously created.
- Created client export leaving selected option hostname resolution with interface IP address value and rest of options with default values.
- Installed the config file on a remote computer and got the following:
Tue Sep 10 20:26:07 2024 OpenVPN 2.6.12 [git:v2.6.12/038a94bae57a446c] Windows [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] [DCO] built on Jul 18 2024
Tue Sep 10 20:26:07 2024 Windows version 10.0 (Windows 10 or greater), amd64 executable
Tue Sep 10 20:26:07 2024 library versions: OpenSSL 3.3.1 4 Jun 2024, LZO 2.10
Tue Sep 10 20:26:07 2024 DCO version: 1.2.1
Tue Sep 10 20:26:12 2024 TCP/UDP: Preserving recently used remote address: [AF_INET]192.168.100.200:1194
Tue Sep 10 20:26:12 2024 Attempting to establish TCP connection with [AF_INET]192.168.100.200:1194
Tue Sep 10 20:28:13 2024 TCP: connect to [AF_INET]192.168.100.200:1194 failed: Unknown error
The client is trying to connect using the DMZ IP and that is bad, because there we need to point to the public IP, since I am trying from outside my local network.
Do you know what I can do differently to make it work as I need?
I have an update: I forced the public IP in the OpenVPN config file and that way I got something different, but with errors:
2024-09-11 00:25:25 OpenVPN 2.6.12 [git:v2.6.12/038a94bae57a446c] Windows [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] [DCO] built on Jul 18 2024
2024-09-11 00:25:25 Windows version 10.0 (Windows 10 or greater), amd64 executable
2024-09-11 00:25:25 library versions: OpenSSL 3.3.1 4 Jun 2024, LZO 2.10
2024-09-11 00:25:25 DCO version: 1.2.1
2024-09-11 00:25:27 TCP/UDP: Preserving recently used remote address: [AF_INET]PUBLICIP:1194
2024-09-11 00:25:27 Attempting to establish TCP connection with [AF_INET]PUBLICIP:1194
2024-09-11 00:27:28 TCP: connect to [AF_INET]PUBLICIP:1194 failed: Unknown error
2024-09-11 00:27:28 SIGUSR1[connection failed(soft),connection-failed] received, process restarting
2024-09-11 00:27:29 TCP/UDP: Preserving recently used remote address: [AF_INET]PUBLICIP:1194
2024-09-11 00:27:29 Attempting to establish TCP connection with [AF_INET]PUBLICIP:1194
2024-09-11 00:27:29 TCP connection established with [AF_INET]PUBLICIP:1194
2024-09-11 00:27:29 TCPv4_CLIENT link local: (not bound)
2024-09-11 00:27:29 TCPv4_CLIENT link remote: [AF_INET]PUBLICIP:1194
2024-09-11 00:27:29 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
2024-09-11 00:27:30 [VPN_SERVER_CA] Peer Connection Initiated with [AF_INET]PUBLICIP:1194
2024-09-11 00:27:31 open_tun
2024-09-11 00:27:31 tap-windows6 device [OpenVPN TAP-Windows6] opened
2024-09-11 00:27:31 Set TAP-Windows TUN subnet mode network/local/netmask = 10.0.8.0/10.0.8.2/255.255.255.0 [SUCCEEDED]
2024-09-11 00:27:31 Notified TAP-Windows driver to set a DHCP IP/netmask of 10.0.8.2/255.255.255.0 on interface {B446BA71-F626-4465-8A5A-A021DE7F3F4F} [DHCP-serv: 10.0.8.0, lease-time: 31536000]
2024-09-11 00:27:31 TUN: Setting IPv4 mtu failed: Access is denied. [status=5 if_index=57]
2024-09-11 00:27:36 ERROR: route addition failed using CreateIpForwardEntry: Access is denied. [status=5 if_index=57]
2024-09-11 00:27:36 env_block: add PATH=C:\WINDOWS\System32;C:\WINDOWS;C:\WINDOWS\System32\Wbem
2024-09-11 00:27:36 ERROR: Windows route add command failed [adaptive]: returned error code 1
2024-09-11 00:27:36 Initialization Sequence Completed
Still needing some help :(.
New update, now it is working. For some reason, on the client machine I needed to run OpenVPN as administrator; after that I tried again to connect and it completed successfully.
Thanks for your answer anyway Stephen, now I will play more.
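The two failures in the logs above (a profile that dials the private DMZ address, and route/MTU changes refused for lack of administrator rights) are easy to miss in a long OpenVPN client log. This is an added triage script, not from the thread or from pfSense; the sample lines are constructed to mirror the posted output, and 203.0.113.10 is a documentation address standing in for the real public IP.

```python
"""Triage an OpenVPN client log for the two problems seen in this thread."""
import ipaddress
import re

# Only RFC 1918 ranges, checked explicitly. Python's is_private would also
# flag documentation ranges such as 203.0.113.0/24, which is not what we want.
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

CONNECT_RE = re.compile(
    r"Attempting to establish (?:TCP|UDP) connection with \[AF_INET\](?P<ip>[\d.]+):(?P<port>\d+)"
)
DENIED_RE = re.compile(r"(?:route addition failed|Setting IPv4 mtu failed).*Access is denied")


def analyse_openvpn_log(lines):
    """Return {finding_code: [details]} for an OpenVPN client log.

    PRIVATE_REMOTE  - the profile dials an RFC 1918 address (e.g. the ISP's DMZ IP);
                      that is unreachable from outside the LAN, so the connect times out.
    NEEDS_ELEVATION - the tunnel came up but route/MTU changes were refused; on Windows
                      the OpenVPN GUI or service must run with administrator rights.
    """
    findings = {}
    for line in lines:
        m = CONNECT_RE.search(line)
        if m:
            ip = ipaddress.ip_address(m["ip"])
            if any(ip in net for net in RFC1918):
                findings.setdefault("PRIVATE_REMOTE", []).append(f"{ip}:{m['port']}")
        if DENIED_RE.search(line):
            findings.setdefault("NEEDS_ELEVATION", []).append(line.strip())
    return findings


# Constructed sample lines modelled on the two logs posted in the thread.
FIRST_ATTEMPT = [
    "Tue Sep 10 20:26:12 2024 Attempting to establish TCP connection with [AF_INET]192.168.100.200:1194",
    "Tue Sep 10 20:28:13 2024 TCP: connect to [AF_INET]192.168.100.200:1194 failed: Unknown error",
]
SECOND_ATTEMPT = [  # 203.0.113.10 is a placeholder for the public IP
    "2024-09-11 00:27:29 Attempting to establish TCP connection with [AF_INET]203.0.113.10:1194",
    "2024-09-11 00:27:29 TCP connection established with [AF_INET]203.0.113.10:1194",
    "2024-09-11 00:27:31 TUN: Setting IPv4 mtu failed: Access is denied. [status=5 if_index=57]",
    "2024-09-11 00:27:36 ERROR: route addition failed using CreateIpForwardEntry: Access is denied. [status=5 if_index=57]",
    "2024-09-11 00:27:36 Initialization Sequence Completed",
]

if __name__ == "__main__":
    for name, log in (("first attempt", FIRST_ATTEMPT), ("second attempt", SECOND_ATTEMPT)):
        print(name, analyse_openvpn_log(log))
```

Run it against a real client log with `analyse_openvpn_log(open("client.log").readlines())`; the first attempt reports PRIVATE_REMOTE and the second reports NEEDS_ELEVATION, matching the diagnosis in the thread.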
-
@ydderf2426 said in Newbie pfSense user - configuration using DMZ:
Created client export leaving selected option hostname resolution with interface IP address value
Yes you need to specify the external IP address for server resolution there. Or an FQDN if you have a real host/domain setup.