Is this setup possible with pfSense?



  • Hello,

    I'm new to pfSense. For setting up a home network, I'm looking for a solution to achieve this setup:

    • One WAN connection, connected to a standard fibre box (from Telia)
    • One LAN facing port, connected to some switch
    • One OpenVPN tunnel, with vpntunnel.se setup on the pfSense box
    • A NAS, a VoIP phone and several computers connected to the switch

    The desired behavior is:

    • All internet traffic uses the WAN connection by default, with medium priority.
    • All rsync internet traffic originating from the NAS must pass through the VPN, with a low priority.
    • In order to be able to use the VPN tunnel from the computers, set up a PPTP server on the pfSense box I can connect to from a computer on the network. All internet traffic sent to this interface would be forwarded to the vpntunnel.se OpenVPN interface, with a medium priority.
    • All VoIP traffic uses the WAN, with high priority.

    I tried to quickly draw a schema for this. It may help: http://dl.dropbox.com/u/4645544/IMAG0137.jpg

    Is this setup (easily) configurable with pfSense, or is there another better solution you can think of?

    Thanks.


    Pierre



  • Yes, it can be done on pfSense.

    Basically, you need to set up the OpenVPN client first.

    This will be your 2nd WAN (OVPN tunnel over the Telia), so to speak.

    Then set up the PPTP server. This will give a fixed separate subnet (2nd LAN) for your clients using PPTP.

    You will then modify the NAT rules so that all PPTP clients will NAT through the OpenVPN 'WAN' connection.
    Also, the NAS RSYNC will NAT through the same connection.

    The regular internet traffic - LAN subnet, will NAT through the normal WAN (Telia) connection.

    You'll then need to add firewall rules to:
    Block RSYNC traffic going to the NAS except for source subnet being the PPTP subnet (2nd LAN).
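
The NAT and routing steps in the reply above, written out as an added sketch in FreeBSD pf syntax; this is not from the thread, and pfSense builds its own pf ruleset from the GUI settings. Every interface name, address and the rsync port are assumptions for illustration.

```conf
# Constructed example: all names and addresses below are assumptions.
wan_if   = "em0"             # WAN port to the Telia fibre box
lan_if   = "em1"             # LAN port to the switch
vpn_if   = "ovpnc1"          # OpenVPN client interface (the "2nd WAN")
pptp_if  = "ng0"             # interface a connected PPTP client appears on
vpn_gw   = "10.8.0.1"        # placeholder: gateway inside the tunnel
lan_net  = "192.168.1.0/24"  # regular LAN subnet
pptp_net = "192.168.2.0/24"  # subnet handed out to PPTP clients (the "2nd LAN")
nas      = "192.168.1.10"    # NAS address on the LAN

# Outbound NAT. A nat rule only applies to packets leaving on its interface,
# so the routing decision below selects which translation is used.
nat on $vpn_if from $pptp_net to any -> ($vpn_if)
nat on $vpn_if from $nas      to any -> ($vpn_if)
nat on $wan_if from $lan_net  to any -> ($wan_if)

# Policy routing. "quick" makes the first matching rule final, so the
# specific NAS rule must come before the general LAN rule.

# rsync from the NAS goes out through the tunnel. Port 873 assumes the rsync
# daemon protocol; rsync run over SSH uses port 22 and would need its own rule.
pass in quick on $lan_if route-to ($vpn_if $vpn_gw) \
    proto tcp from $nas to any port 873 keep state

# Everything arriving from PPTP clients goes out through the tunnel.
pass in quick on $pptp_if route-to ($vpn_if $vpn_gw) \
    from $pptp_net to any keep state

# All other LAN traffic follows the default route out the WAN.
pass in quick on $lan_if from $lan_net to any keep state
```

Any NAS traffic that does not match the first pass rule falls through to the LAN rule and leaves unencrypted over the WAN, so check the port match against how rsync is actually invoked.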


  • Netgate Administrator

    You'll also have to play around with the various traffic shaping options to get the priority behaviour you need. This will probably be the hardest part of the setup!  ;)

    Steve



  • Well, thanks. I think pfSense will be my choice then. Thanks for your help.
    Now, I just have to learn how to play with traffic shaping options ;)

