Pfsense as proxy on wan



  • is it possible to setup pfsense as a proxy on wan, meaning it gets packets from the wan then matches rules and sends those packets out of openvpn tunnels, in my country VoIP is blocked by isp but they allow VoIP within the country so i have setup a openvpn tunnel so all voip calls from lan go out of tunnel, i want to be able to use this tunnel from wan as well so when im in the country in a different location then i want to be able to use pfsense as the proxy which wouldnt take the packets then send it out of the openvpn tunnel



    • Crappy-salat allow voip in the country? really? They recently got some bluecoats and are interfering with Skype to Skype calls.
    • it should be possible with a firewall rule with an explicit gateway, in addition to a manual outbound NAT rule. Though I'm guessing as I haven't tried it.


  • yes, VoIP within country is allowed since long, many businesses use it also. they keep blocking VoIP in plain and encrypted form from within UAE to outside, Skype to Skype works fine but they got some new mechanism which detects Skype usage and blacklists ur ip after which all udp traffic is heavily filtered and i guess u might be suffering that, simply restart ur router to get a new ip and then blacklist is removed as long as u don't sue Skype.

    i have configured openvpn client and all my voip from within lan traffic goes out of it with manual nat enabled, now the tough part is to route traffic from wan to pfsense and then out of openvpn tunnel



  • any devs want to guide on this?



  • It does not work with sipproxy?



  • actually i tried sipproxy for traffic from within lan but it has issues so my devices run direct with pfsense from within lan but the scenario is different in this case, we need to route traffic from the wan to pfsense then from there to openvpn client tunnel



  • For VoIP its a bit hard to do without a application proxy like sipproxy.
    Though you can do a rdr(Port forward) for connections on wan to the sip tcp port and all udp incoming on WAN.



  • create a port forward will create its associated firewall rule so basically what do i need to modify in that so all that incoming traffic can be routed out of the openvpn tunnel gateway?



  • You need to redirect to the openvpn sip provider normally.



  • would it handle nat etc properly as i have advanced manual outbound nat enabled?

    in port forward the destination ip i need to set as pfsense ip?


Log in to reply