    This setup possible with pfsense?

    OpenVPN
      StefanSander last edited by

      Hello folks,

      at the moment we are evaluating pfsense as the primary firewall
      for our company and I would like to know from your experience if
      the following setup can be handled by pfsense without problems.

      LAN---- PFSENSE (OpenVPN) ---- CISCO (IPSEC, split-tunneling) --- ISP
                 |
                DMZ

      Secondoffice LAN--- PFSENSE---ISP

      Our LAN is connected to pfsense interface0, WAN is interface1, DMZ interface2.
      The WAN interface is connected to the CISCO Router which creates an IPSEC tunnel
      to our customer on demand. The only official IP is on the WAN interface of the
      CISCO Router, which forwards any traffic not directed to our customer to pfsense which
      has an internal address on its WAN interface.

      Our second office will have pfsense as firewall and pppoe gateway (official ip on WAN),
      we need a persistent VPN tunnel between the two offices.

      Does this setup work if one of the pfsense boxes has an internal ip on WAN
      and the other has an official one? Will the tunnel between the offices work?
      Does OpenVPN accept this setup for roadwarriors? What rules are necessary?

      thanks a lot in advance
      Stefan

        hoba last edited by

        I have a similar IPSEC setup like you describe (with one pfSense behind another natting router). The pfSense behind the natting router joins as mobile client to the pfSense with the static IP. As it has a keepalive IP set, the tunnel is up all the time even on IP change (the end with the other natting router is dynamic).

        Can't say too much about openvpn though as I haven't used it yet.

          JeGr LAYER 8 Moderator last edited by

          OpenVPN should work, as long as its standard UDP port (1194) is properly redirected to the pfSense box behind the Cisco. The other pfsense on the ADSL (I assume) line should work just fine. Anything further depends on the ip/netmasks used on either side and the mode used for openvpn. But at first glance I can't see anything that should spoil the fun here - as long as the cisco is forwarding the openvpn-udp packets addressed to the public ip to the pfsense on its transfer-net (wan).
