Open VPN from inside LAN not using WAN at all??

  • Hello pfsense expert,

    Normally people have a "router" - pfsense - LAN

    I have a not so common setup. I have "ISP router" - LAN and pfsense part of the LAN (using the LAN interface only)

    In other words, I have my pfsense, alix board in my LAN behind my Router - provided by the ISP. I want to use pfsense "mainly" as a vpn concentrator. I want to log on from the internet via openvpn to the pfsense (making a port forwarding on my ISP router to pfsense), and then access some NAS servers in my LAN.

    Can I log on via openvpn over the LAN interface? Is this setup possible at all?

    I hope someone could give me some insights



  • Why do you have the pfSense connected via the LAN interface? What is connected to the WAN interface?
    But yes this should be possible.

  • @GruensFroeschli:

    Why do you have the pfSense connected via the LAN interface? What is connected to the WAN interface?
    But yes this should be possible.

    Thanks for your reply! On the WAN interface there is nothing connected. Since I use many services from my ISP like VoIP, Multicast TV and so on, it is not possible that I put my whole LAN behind pfsense to its LAN port, as one would normally do. Some of my LAN clients like set-top box, telephone etc. have to be connected directly to the ISP router. That's why I want pfsense only connected over the LAN inside my LAN acting as an openvpn server.

    Since you say that this should be possible, can I just follow the normal setup procedure? I set up my LAN and after that I set up openVPN. That's it and it should work?

    many thanks in advance


  • I would switch it around.
    Connect the WAN of the pfSense to your local lan and leave the LAN unconnected.
    This way the pfSense can get via DHCP an IP on its WAN and have a default gateway.
    Otherwise you couldn't have a default gateway on the LAN.

    ..ok you could, if you hacked it together manually but it's just cleaner the other way.

  • Ok, I see. So I just use the WAN, which also makes sense. So we come to "my last concern" ;)
    I use the WAN, and I log on from internet using openvpn to my pfsense (via port forwarding on my ISP router). After that, I want to connect to my NAS which is in the same LAN, will pfsense be able to "forward" my traffic back, over the WAN interface towards the default GW which will correctly route to the NAS? I hope you understand what I mean; in a normal setup, pfsense would forward the traffic over its LAN interface…

    I hope I could make it clear ;D



  • Yes this should be possible.
    As long as your default gateway in the LAN has a static route pointing to the pfSense for the subnet you're coming from over the VPN.

  • Thanks a lot, you have been a great help!! I will test it and set up my Alix board as you said. I'll let you know about the outcome…
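
The return-path condition from the static-route answer above, modelled as an added example that is not part of the original thread: it traces where the NAS's reply to a VPN client goes, with and without a static route for the tunnel subnet on the ISP router. All addresses, including the 10.8.0.0/24 tunnel network, are constructed assumptions.

```python
import ipaddress

# Constructed addressing, not taken from the thread.
LAN = ipaddress.ip_network("192.168.1.0/24")
TUNNEL = ipaddress.ip_network("10.8.0.0/24")   # assumed OpenVPN tunnel network
DEFAULT = ipaddress.ip_network("0.0.0.0/0")
ISP_ROUTER = "192.168.1.1"                      # default gateway of every LAN host
PFSENSE = "192.168.1.2"                         # pfSense WAN address inside the LAN
NAS = "192.168.1.50"
VPN_CLIENT = "10.8.0.6"                         # source address the NAS sees


def lookup(table, dst):
    """Longest-prefix match: return the next hop for dst, or None."""
    dst = ipaddress.ip_address(dst)
    matches = [(net, hop) for net, hop in table if dst in net]
    if not matches:
        return None
    return max(matches, key=lambda m: m[0].prefixlen)[1]


def reply_path(isp_static_routes):
    """Hops taken by a NAS reply addressed to the VPN client."""
    tables = {
        NAS: [(LAN, "on-link"), (DEFAULT, ISP_ROUTER)],
        ISP_ROUTER: [(LAN, "on-link"), (DEFAULT, "internet")] + isp_static_routes,
        PFSENSE: [(LAN, "on-link"), (TUNNEL, "openvpn-tunnel"),
                  (DEFAULT, ISP_ROUTER)],
    }
    path, node = [NAS], NAS
    while node in tables:                       # stop at a hop with no table
        node = lookup(tables[node], VPN_CLIENT)
        path.append(node)
    return path


if __name__ == "__main__":
    # No static route: the reply follows the ISP router's default route and is lost.
    print(" -> ".join(reply_path([])))
    # Static route for the tunnel subnet via pfSense: the reply re-enters the tunnel.
    print(" -> ".join(reply_path([(TUNNEL, PFSENSE)])))
```

The request direction works either way because pfSense is on-link with the NAS; only the reply depends on the ISP router's routing table.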


