Netgate Discussion Forum

    VPN / NAT question

      jaykup

      Option 1:
      I have 1 computer in the local network connecting to an external VPN for internet access, set up at the computer level. When it's connected, I cannot access that computer from the normal external IP. Is there a way to set it up so the PC uses internet through the VPN, but on certain ports, it can be accessed externally?

      Option 2:
      I wouldn't mind setting up the VPN at the pfSense level, provided I could still access some of the computers inside the network from the outside…

      Any ideas?

        Cry Havok

        1. That really depends on the computer and the VPN's configuration - it has nothing to do with pfSense.

        2. You may want to explain what you're trying to achieve, rather than giving us a tiny piece of the picture ;)

          jaykup

          Alright, for option 2:

          pfSense connects to an external VPN (VyprVPN) and causes all internal computers to use that VPN for all internet traffic on IP (199.99.99.55)
          Internal computer named Server1 with an IP of 192.168.0.5
          How do I access Server1 remotely using VNC from an outside computer?
          Normally you would just go into pfSense > NAT > forward port from ISP supplied IP (24.25.26.27) to local IP (192.168.0.5) port 5900
          Since I'm connected to the VPN, I can't access any computers using 24.25.26.27. How do I get around this?

            Cry Havok

            You have to ensure that the VPN isn't the default route, or have a proxy on the local LAN for the protocol you're using.

            The simplest solution is not to use a VPN on a host you want to access from outside the LAN.

              jaykup

              I understand what you are saying but the reason I use a VPN is because my ISP throttles my traffic.  By using a VPN I can bypass that since they don't know what I'm connecting to, so I want it to be the default route.

              However, when it's enabled, I cannot access any computers that are connected to the VPN (whether they are configured at the computer level or globally at the pfSense level).

              I thought there was a way to configure pfSense to allow access from an outside source even when it's connected to a VPN, or maybe I need to create a route for specific external IPs or IP ranges?

                jimp Rebel Alliance Developer Netgate

                On 2.0, if you let pfSense handle the VPN it shows up as a dynamic gateway, so you can use the normal policy-based routing tricks to do what you want.

                You'd just have the rules on WAN for the port forwards set as usual, and the rule on LAN to let your local systems out would have the gateway set as the VPN.

                Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

                Need help fast? Netgate Global Support!

                Do not Chat/PM for help!
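
The policy-routing layout described in the last reply, written out as a hand-made pf.conf sketch. This is an added example, not part of the thread and not the ruleset pfSense generates. The interface names, both gateway addresses, the /24 LAN mask and the `<vnc_clients>` source address are constructed assumptions; 24.25.26.27, 192.168.0.5 and port 5900 come from the thread.

```pf
# --- Macros (interface names and gateways are constructed placeholders) ---
wan_if  = "em0"              # ISP-facing interface
lan_if  = "em1"              # LAN interface
vpn_if  = "ovpnc1"           # VPN client interface
wan_ip  = "24.25.26.27"      # ISP-supplied address (from the thread)
wan_gw  = "24.25.26.1"       # placeholder ISP gateway
vpn_gw  = "10.8.0.1"         # placeholder VPN tunnel gateway
lan_net = "192.168.0.0/24"   # assumed mask around Server1's address
server1 = "192.168.0.5"      # Server1 (from the thread)

# Outside hosts allowed to reach VNC. Constructed documentation address;
# limiting the source keeps port 5900 from being open to the whole internet.
table <vnc_clients> { 203.0.113.10 }

# --- Translation ---
# LAN traffic leaving through the tunnel is NATed to the VPN address.
nat on $vpn_if inet from $lan_net to any -> ($vpn_if)
# The port forward stays on WAN, exactly as it would without a VPN.
rdr on $wan_if inet proto tcp from <vnc_clients> to $wan_ip port 5900 -> $server1 port 5900

# --- Filtering ---
block in all

# WAN rule for the forward. reply-to ties the state to the ISP gateway,
# so Server1's replies go back out WAN instead of following the VPN route.
pass in quick on $wan_if reply-to ($wan_if $wan_gw) inet proto tcp \
    from <vnc_clients> to $server1 port 5900 keep state

# Traffic to the firewall itself (DNS, web GUI) is not policy-routed.
pass in quick on $lan_if inet from $lan_net to ($lan_if) keep state

# LAN rule with the gateway set to the VPN: every new outbound
# connection from the LAN is pushed into the tunnel.
pass in quick on $lan_if route-to ($vpn_if $vpn_gw) inet \
    from $lan_net to any keep state

pass out all keep state
```

The inbound VNC connection is matched on WAN first, so its return packets follow that existing state and never reach the LAN route-to rule.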

                Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.