Netgate Discussion Forum

    Is this setup possible with pfSense?

      unicyclon

      Hello,

      I'm new to pfSense. For setting up a home network, I'm looking for a solution to achieve this setup:

      • One WAN connection, connected to a standard fibre box (from Telia)
      • One LAN facing port, connected to some switch
      • One OpenVPN tunnel, with vpntunnel.se set up on the pfSense box
      • A NAS, a VoIP phone and several computers connected to the switch

      The desired behavior is:

      • All internet traffic uses the WAN connection by default, with medium priority.
      • All rsync internet traffic originating from the NAS must pass through the VPN, with a low priority.
      • In order to be able to use the VPN tunnel from the computers, set up a PPTP server on the pfSense box that I can connect to from a computer on the network. All internet traffic sent to this interface would be forwarded to the vpntunnel.se OpenVPN interface, with a medium priority.
      • All VoIP traffic uses the WAN, with high priority.

      I tried to quickly draw a schema for this. It may help: http://dl.dropbox.com/u/4645544/IMAG0137.jpg

      Is this setup (easily) configurable with pfSense, or is there another better solution you can think of?

      Thanks.

      –
      Pierre

        dreamslacker

        Yes, it can be done on pfSense.

        Basically, you need to set up the OpenVPN client first.

        This will be your 2nd WAN (OVPN tunnel over the Telia), so to speak.

        Then set up the PPTP server. This will give a fixed separate subnet (2nd LAN) for your clients using PPTP.

        You will then modify the NAT rules so that all PPTP clients will NAT through the OpenVPN 'WAN' connection.
        Also, the NAS RSYNC will NAT through the same connection.

        The regular internet traffic (LAN subnet) will NAT through the normal WAN (Telia) connection.

        You'll then need to add firewall rules to:
        Block RSYNC traffic going to the NAS except for source subnet being the PPTP subnet (2nd LAN).

          stephenw10 Netgate Administrator

          You'll also have to play around with the various traffic shaping options to get the priority behaviour you need. This will probably be the hardest part of the setup! ;)

          Steve

            unicyclon

            Well, thanks. I think pfSense will be my choice then. Thanks for your help.
            Now, I just have to learn how to play with the traffic shaping options ;)
