New user needs help with pfsense VPN and WiFi

  • Hello. I have been hearing about pfsense from many people now and decided that it's time to learn how to drive this thing. I have various bits of hardware but don't mind buying something new. I basically want to replace my crappy British Telecom Infinity router, that crap. The router connects to an (a)DSL device that only has a WAN port on it.

    My main usage would be for WiFi. I really need some good WiFi b and n. With the current BT router, when I start to download from my NAS over WiFi everybody at home just can't browse any more; it blocks them. Really annoying. And because it's crap I have to use B.

    Second, I would like to install some kind of VPN/SSH tunnel. But I would like to turn it on and off easily. I was thinking if it is possible to route ALL traffic via this SSH to another box so that I can spoof my geo location based on IP. I want to watch TV and use other services in my home country that can only be accessed if I am there. Currently I have to do an SSH proxy via PuTTY; it's getting a bit too much to start it up just to watch a 20-minute clip.

    I have some old laptops but I can assemble something, but ideally it's gotta be small, with a few LAN ports.


  • Netgate Administrator

    You haven't actually asked a question here so I assume you want to know if it's possible? Yes. And probably what's the easiest/cheapest way to achieve it?

    Build a pfSense box out of whatever you have. You will need at least 2 network cards but more is better.
    Insert the box between the Openreach modem (Huawei HG612?) and the home hub.
    Re-use the Home Hub 3 as a wifi access point by disabling DHCP and connecting to its LAN ports.
    Set up some traffic shaping on pfSense to stop your NAS hogging all the available bandwidth.
    Set up a VPN to a point in your home country and then set a policy route to send the required traffic via it.

    Open a beer and feel smug!  ;)


  • Hi,

    If you have some ADSL modem then you can connect it to pfsense and do the PPPoE on pfsense.
    Or you do the Dial-in on your modem/router and just forward all traffic to your pfsense.
    Both ways are working and you only have to decide what you want to do.

    The WiFi part depends on the WiFi adapter you use and if it is supported on pfsense. pfsense 2.0.3 uses FreeBSD 8.1 and pfsense 2.1 uses FreeBSD 8.3. So you should check the hardware compatibility list (HCL) from FreeBSD to see which adapters are supported. And it must support Host AP mode to be an access point.

    Another possibility could be that you use some NICs in your pfsense. One for WAN, one for LAN and another which connects to your existing WiFi AP. Then WiFi and LAN are separated and perhaps your performance problems are gone.

    As VPN Server I would suggest OpenVPN. This can be easily installed on pfsense. You can select protocol and port like you want. By default OpenVPN uses UDP for best performance on port 1194. As many firewalls in hotels block this port you can setup OpenVPN server to use TCP on port 443.

    Depending on your configuration you can force all your clients on the internet to route all traffic through the VPN tunnel and the pfsense WAN interface or you can define which destination networks should be routed through the VPN.

    For OpenVPN there is an "OpenVPN Export Utility" which generates configs and certificates for many different devices like Windows, MacOS X, Android, iOS, Linux. You just have to install the OpenVPN client software on the clients and import the configs. When you start the OpenVPN client you are connected to pfsense and if you don't like it you just disconnect the client from the OpenVPN server. This is pretty easy and fast. One-time configuration and nothing more. And if you do not like to have your OpenVPN server running, stop it in the pfsense GUI or activate firewall rules which block connections to your OpenVPN server.

    When looking for a configuration for OpenVPN and pfsense you will find some threads when searching for "OpenVPN roadwarrior".

    Good luck!
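
The two choices described in the post above (UDP on port 1194 versus TCP on port 443, and routing all client traffic versus only chosen destination networks) correspond to a few OpenVPN server directives. This is an added example, not part of the thread and not the file pfSense itself generates; the subnets, DNS address and certificate file names are constructed placeholders.

```conf
# Stand-alone OpenVPN server configuration (added example).
# Constructed values: tunnel subnet 10.8.0.0/24, home LAN 192.168.1.0/24,
# DNS server 192.168.1.1, and all certificate/key file names.

# --- Transport: OpenVPN default, UDP on port 1194 ---
port 1194
proto udp
# Alternative for networks that block 1194/udp.
# Comment out the two lines above and enable these instead:
;port 443
;proto tcp-server

# Routed tunnel with one address per client
dev tun
topology subnet
server 10.8.0.0 255.255.255.0

# PKI material (placeholder file names)
ca ca.crt
cert server.crt
key server.key
dh dh2048.pem

# --- Routing policy pushed to clients: enable ONE of the two variants ---
# Split tunnel: only traffic for the home LAN enters the VPN;
# everything else leaves through the client's local network.
push "route 192.168.1.0 255.255.255.0"

# Full tunnel: the client's default route is replaced, so all traffic
# exits through the server's WAN. The server must then NAT or route
# 10.8.0.0/24 outbound, and DNS should be pushed as well so lookups
# do not stay on the client's local network.
;push "redirect-gateway def1"
;push "dhcp-option DNS 192.168.1.1"

# Keep the session alive and survive restarts without re-reading keys
keepalive 10 120
persist-key
persist-tun
verb 3
```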

  • Netgate Administrator

    Ah, two different interpretations of the VPN requirement.
    When you said home country did you mean where your pfSense will be or somewhere else you previously lived?

