Netgate Discussion Forum

    Open VPN from inside LAN not using WAN at all??

      rpf

      Hello pfsense expert,

      Normally people have a "router" - pfsense - LAN

      I have a not so common setup. I have "ISP router" - LAN and pfsense part of the LAN (using the LAN interface only)

      In other words, I have my pfsense, alix board in my LAN behind my Router - provided by the ISP. I want to use pfsense "mainly" as a vpn concentrator. I want to log on from the internet via openvpn to the pfsense (making a port forwarding on my ISP router to pfsense), and then access some NAS servers in my LAN.

      Can I log on via openvpn over the LAN interface? Is this setup possible at all?

      I hope someone could give me some insights.

      thanks

      rpf

        GruensFroeschli

        Why do you have the pfSense connected via the LAN interface? What is connected to the WAN interface?
        But yes this should be possible.

        We do what we must, because we can.

        Asking questions the smart way: http://www.catb.org/esr/faqs/smart-questions.html

          rpf

          @GruensFroeschli:

          Why do you have the pfSense connected via the LAN interface? What is connected to the WAN interface?
          But yes this should be possible.

          Thanks for your reply! On the WAN interface there is nothing connected. Since I use many services from my ISP like VoIP, Multicast TV and so on, it is not possible that I put my whole LAN behind pfsense to its LAN port, as one would normally do. Some of my LAN clients like the set-top box, telephone etc. have to be connected directly to the ISP router. That's why I want pfsense only connected over the LAN inside my LAN acting as an OpenVPN server.

          Since you say that this should be possible, can I just follow the normal setup procedure? I set up my LAN and after that I set up OpenVPN. That's it and it should work?

          many thanks in advance

          rpf

            GruensFroeschli

            I would switch it around.
            Connect the WAN of the pfSense to your local LAN and leave the LAN unconnected.
            This way the pfSense can get an IP via DHCP on its WAN and have a default gateway.
            Otherwise you couldn't have a default gateway on the LAN.

            ..ok you could, if you hacked it together manually but it's just cleaner the other way.

              rpf

              Ok, I see. So I just use the WAN, which also makes sense. So we come to "my last concern" ;)
              I use the WAN, and I log on from the internet using openvpn to my pfsense (via port forwarding on my ISP router). After that, I want to connect to my NAS which is in the same LAN. Will pfsense be able to "forward" my traffic back, over the WAN interface towards the default GW which will correctly route to the NAS? I hope you understand what I mean; in a normal setup, pfsense would forward the traffic over its LAN interface…

              I hope I made it clear ;D

              regards

              rpf

                GruensFroeschli

                Yes this should be possible.
                As long as your default gateway in the LAN has a static route pointing to the pfSense for the subnet you're coming from over the VPN.

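The static-route requirement from the answer above, as an added example that is not part of the original posts: a hop-by-hop trace of the NAS's reply to a VPN client, with and without the route on the ISP router. All addresses (192.168.1.0/24 for the LAN, 10.8.0.0/24 for the tunnel) and names are constructed assumptions.

```python
import ipaddress

# Constructed addressing plan (assumptions; the thread gives no addresses).
LAN, TUNNEL = "192.168.1.0/24", "10.8.0.0/24"
ISP_ROUTER, PFSENSE_WAN, NAS = "192.168.1.1", "192.168.1.2", "192.168.1.50"
VPN_CLIENT = "10.8.0.6"  # address handed out from the OpenVPN tunnel network

# ISP router as shipped: knows the LAN and its uplink, nothing about the tunnel.
ROUTER_DEFAULT = [(LAN, "on-link"), ("0.0.0.0/0", "isp-uplink")]
# Same router with the static route from the answer: tunnel subnet via pfSense.
ROUTER_WITH_STATIC = ROUTER_DEFAULT + [(TUNNEL, PFSENSE_WAN)]


def next_hop(table, dst):
    """Longest-prefix-match lookup; returns the next hop, or None if no route."""
    addr = ipaddress.ip_address(dst)
    nets = [(ipaddress.ip_network(p), hop) for p, hop in table]
    hits = [(n.prefixlen, hop) for n, hop in nets if addr in n]
    return max(hits)[1] if hits else None


def reply_path(router_table):
    """Trace the NAS's reply to the VPN client, one routing decision per hop."""
    tables = {
        # The NAS only has the LAN and a default gateway (the ISP router).
        NAS: [(LAN, "on-link"), ("0.0.0.0/0", ISP_ROUTER)],
        ISP_ROUTER: router_table,
        # pfSense owns the tunnel network, attached to the LAN via its WAN port.
        PFSENSE_WAN: [(LAN, "on-link"), (TUNNEL, "ovpn-tunnel"),
                      ("0.0.0.0/0", ISP_ROUTER)],
    }
    node, path = NAS, [NAS]
    while node in tables and len(path) < 8:  # hop limit guards against loops
        node = next_hop(tables[node], VPN_CLIENT)
        path.append(node)
    return path


def reply_reaches_client(router_table):
    """True when the reply ends up inside the OpenVPN tunnel."""
    return reply_path(router_table)[-1] == "ovpn-tunnel"


if __name__ == "__main__":
    for name, table in (("no static route", ROUTER_DEFAULT),
                        ("static route", ROUTER_WITH_STATIC)):
        print(f"{name:16} {' -> '.join(map(str, reply_path(table)))}")
```

Without the route the reply is sent out the ISP uplink, so connections from the VPN to the NAS appear to hang even though the tunnel itself is up.
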
                  rpf

                  Thanks a lot, you have been a great help!! I will test it and set up my Alix board as you said. I'll let you know about the outcome…

                  regards

                  rpf

                  Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.