PFSense as a Passive Firewall and OpenVPN end point



  • Ok… so I'm a noob to pfsense and I've been messing with my newly built box for a couple weeks now. I've learned quite a bit from these forums in that period of time and I'm hoping you guys can help me a bit more. So... this is the way my network is set up:

    I have the pfsense box set up as a transparent firewall. I'm now trying to get an OpenVPN connection to vpntunnel.com to work in this configuration. I only want the NAS to transmit data over the VPN and ALL traffic from the NAS out to the internet should be routed that way. Traffic to the PC behind the firewall simply needs to be filtered through pfblock, snort, etc. The NAS needs to be accessible from the PC and all Wireless devices on my home network.

    My pfsense box has 3 ports. I have a bridge between LAN and WAN (OPT2), and a bridge between OPT1 and WAN (OPT3) for the transparent firewall part. I have my OpenVPN connection working and assigned to OPT4 so the traffic coming out of the VPN can be filtered through pfblock, snort, etc. However, at this point I'm a little lost and I can't really figure out what to do next.

    Any help would be greatly appreciated.



  • What I see as a possible problem is the IP addresses you are using behind pfSense. I am guessing that the Ubee Modem/Router is handling DHCP and that it is giving out private addresses.
    This might work if you map all the ports necessary for VPN from the Ubee to the pfSense machine. Otherwise you need to have a VPN on the modem/router itself.
    I would search the forums for using OpenVPN in a bridge.



  • When bridging, VPN is painful because of the return routing complications that induces. Requests will go out, replies will be directed to your gateway IP, and it doesn't know how to route back to the VPN. Need a static route on the default gateway, or to source NAT VPN traffic so it all looks like it's coming from the IP on that subnet of pfsense.
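
The return-routing problem described in the last reply, traced as a small routing-table model. This is an added example, not part of the thread; every address in it (LAN subnet, gateway, pfSense bridge IP, tunnel subnet) is a constructed assumption.

```python
import ipaddress

# All addresses below are constructed for illustration.
LAN = "192.168.1.0/24"
GATEWAY = "192.168.1.1"   # modem/router: default gateway for LAN hosts
PFSENSE = "192.168.1.2"   # pfSense's own IP on the bridged subnet
VPN_NET = "10.8.0.0/24"   # OpenVPN tunnel subnet
VPN_PEER = "10.8.0.6"     # sender on the far side of the tunnel
LAN_HOST = "192.168.1.50"


def next_hop(table, dst):
    """Longest-prefix match: returns 'on-link' or the next-hop address."""
    dst = ipaddress.ip_address(dst)
    matches = [(ipaddress.ip_network(net), hop) for net, hop in table
               if dst in ipaddress.ip_network(net)]
    return max(matches, key=lambda m: m[0].prefixlen)[1]


def reply_path(static_route=False, source_nat=False):
    """Trace the reply to a packet that entered the LAN from the VPN via pfSense."""
    host_table = [(LAN, "on-link"), ("0.0.0.0/0", GATEWAY)]
    gw_table = [(LAN, "on-link"), ("0.0.0.0/0", "ISP")]
    if static_route:
        # Fix 1: the default gateway learns that the tunnel subnet is behind pfSense.
        gw_table.append((VPN_NET, PFSENSE))
    # Fix 2: with source NAT the LAN host sees pfSense's address as the sender.
    reply_dst = PFSENSE if source_nat else VPN_PEER
    path = [LAN_HOST]
    hop = next_hop(host_table, reply_dst)
    if hop == "on-link":
        path.append(reply_dst)               # delivered directly on the subnet
        return path
    path.append(hop)                         # handed to the default gateway
    path.append(next_hop(gw_table, reply_dst))
    return path


def reply_returns_to_vpn(**fix):
    """True when the reply ends up back at pfSense, which owns the tunnel."""
    return reply_path(**fix)[-1] == PFSENSE


if __name__ == "__main__":
    for fix in ({}, {"static_route": True}, {"source_nat": True}):
        print(fix or "no fix", "->", " -> ".join(reply_path(**fix)))
```
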

