Attached PFsense to a private network to allow remote logins through pfsense



  • Hi,

    I have tried all types of searches on the mentioned subject but am still confused.

    We are using a private network in the office which has its own firewall, which is then connected to the branch offices.

    This network doesn't have internet access, so we cannot remote login.

    I am trying to use pfSense to connect to the network as a client and have the WAN connected to the internet to allow remote login.

    I have been searching for it for quite some time but repeatedly ended up at NAT.

    My current configs are as follows: WAN 1 is connected to the internet with a DHCP IP, and OPT / WAN 2 is connected to the main firewall with IP 10.100.0.20 / 255.255.255.0 / 10.100.0.1 gateway.

    I am not sure how I can make it so that people who log in to pfSense using PPTP get an IP from the range 10.100.0.200-250 and are able to connect directly to the main firewall of the private network.

    Appreciate all the help.
    Cheers


  • LAYER 8 Global Moderator

    Normally you would connect wan to internet, and then pfsense LAN to your internal network.

    You normally wouldn't do wan 1 to wan 2 traffic.

    Is the network you want to connect to behind the firewall?  Or are the clients you want to connect to on the 10.100.0.0/24 network?  Are there networks you want to connect to at the other location as well?



  • @johnpoz:

    Normally you would connect wan to internet, and then pfsense LAN to your internal network.

    Indeed, but in this case the 10.100.0.x network has its own gateway, and pfSense must connect through it to access all the other private LANs connected to each other.

    @johnpoz:

    Is the network you want to connect to behind the firewall?  Or are the clients you want to connect to on the 10.100.0.0/24 network?  Are there networks you want to connect to at the other location as well?

    Yes, the network is behind a firewall, a Juniper machine, which is connected to other networks using VPN tunneling.
    Also, there are other networks that I need to access.


    Is there any other option available? Like dual WAN?

    I did try dual WAN, but I am having a little issue:
    I can log in to pfSense using VPN (firewall rule added), but I cannot access the WAN2 (10.100.0.X) network resources.

    I tried to change the rules to allow PPTP to access the WAN2 subnet, but it didn't work.

    I am open to all suggestions.

    Thanks!



  • Just wanted to add a little bit more.

    At this moment I am trying the dual WAN method: one connected to the internet and another to the private network 10.100.0.x.

    It seems that in the pfSense webGUI, using the ping tool, I can ping the internet and the other networks available on the private LAN (10.100.0.x).

    However, on the machine itself I can only ping the internet. (This may be due to WAN1 being internet and OPT1 being private LAN.)

    I am not sure if I have set up some kind of policy to enable access for PPTP users and LAN users to access only OPT1 (10.100.0.x).

    Please guide me in this.

    I appreciate all the help! Thanks!


  • LAYER 8 Global Moderator

    "indeed but in this case 10.100.0.x network has its own gateway and pfsense must connect through it to access all the other private lans connected to each other."

    In this case you would set up routes to these networks on pfsense - pfsense can use routing protocols to auto learn the routes to these other networks on the other side of your internal router/firewall.

    Even if you did it with wan to wan interfaces, the openvpn client will have to know to use the tunnel to get to these other networks - say 10.200.0.0/24 that is on the other side of your router/firewall.  As well as pfsense needs to know to use your firewall/router as the gateway to get to those networks.  It needs routes to them, or it's just going to use its default route to get to networks it does not have routes to.

    But I would again still put your private lan(s) on the lan interface of pfsense - not another wan interface.
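
Added example (not part of any post in this thread, and not pfSense code): a longest-prefix-match lookup that shows the routing point made in the reply above, using the thread's 10.100.0.0/24, 10.100.0.1 and 10.200.0.0/24. The WAN gateway 203.0.113.1, the client's home gateway 192.168.1.1, the interface labels and the client tables are constructed assumptions.

```python
import ipaddress

def lookup(table, dst):
    """Longest-prefix match: return the (prefix, next_hop, interface) used for dst."""
    addr = ipaddress.ip_address(dst)
    hits = [r for r in table if addr in ipaddress.ip_network(r[0])]
    return max(hits, key=lambda r: ipaddress.ip_network(r[0]).prefixlen) if hits else None

# pfSense routing table as described in the thread. The WAN gateway is a
# constructed placeholder, since WAN gets its address by DHCP.
PFSENSE_BEFORE = [
    ("0.0.0.0/0", "203.0.113.1", "WAN"),      # default route to the internet
    ("10.100.0.0/24", "direct", "OPT1"),      # connected network (10.100.0.20)
]
# Same table plus a static route to a branch network behind the internal
# firewall, using 10.100.0.1 as the gateway.
PFSENSE_AFTER = PFSENSE_BEFORE + [("10.200.0.0/24", "10.100.0.1", "OPT1")]

# VPN client tables (constructed): the client only reaches what it has a
# tunnel route for; everything else follows its own default route.
CLIENT_BEFORE = [
    ("0.0.0.0/0", "192.168.1.1", "home-lan"),
    ("10.100.0.0/24", "tunnel", "vpn"),
]
CLIENT_AFTER = CLIENT_BEFORE + [("10.200.0.0/24", "tunnel", "vpn")]

if __name__ == "__main__":
    tables = [("pfSense before", PFSENSE_BEFORE), ("pfSense after", PFSENSE_AFTER),
              ("client before", CLIENT_BEFORE), ("client after", CLIENT_AFTER)]
    for name, table in tables:
        for dst in ("10.100.0.50", "10.200.0.15"):
            prefix, hop, iface = lookup(table, dst)
            print(f"{name:15} {dst:12} -> {prefix:15} via {hop:12} on {iface}")
```

Without the 10.200.0.0/24 entries, traffic for the branch network leaves through the default route on both pfSense and the client and never reaches the internal firewall.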



  • @johnpoz:

    But I would again still put your private lan(s) on the lan interface of pfsense - not another wan interface.

    Hmm, OK, if I go with only 1 WAN and 1 LAN, WAN can be internet access, and can I make LAN use the gateway of the 10.100.0.X?

    Regards

