ESXi config, possible?
-
I actually run an openvpnas server in a CentOS VM that also holds asterisks and chat server so it would be possible to put the vpnserver inside one of your other servers just as an additional service, but it's so much easier to just give it a single vCore and a little ram to a separate VM for that. Not sure how strapped your resources are.
But if you intend to have a single machine with ESXi installed in it, with virtual pfSense as a firewall/router handing out IPs to a couple of virtual servers, just install OpenVPN in pfSense and export a client to your laptop and manage things from that.
Why is this hard? Maybe I'm missing something.
-
With one NIC in the ESXi host, that's got to be your ESXi management interface and needs to be your pfSense LAN interface - just so you can configure pfSense.
Trouble is you really want that one physical interface to be pfSense's WAN and then use OpenVPN to access and manage pfSense, ESXi and your other VMs through the tunnel.
With two NICs it wouldn't be a problem but with one I can't see how you can make the necessary changes without locking yourself out.
-
Wouldn't VLANs solve that?
-
Hi guys,
Sorry been away for a few days.
OK I actually have four physical NICs in this server! Currently only using two, NIC1: LAN, NIC2: What will be WAN. It has not been shipped to the DC yet and is sitting in my office at home.
When it goes to the DC I do have the option of multiple IP addresses.
This is how I have it set up so far: see attached.
Does this look correct? I need the VM on the DMZ to be accessible to the WAN on certain ports and I also need to map a port between the local VM and the DMZ VM for traffic.
Thanks :)
-
It looks like you're on the right track. I assume that the two blacked out VMs are your web server on DMZ and back-end on LAN.
In your original post you said that you would have to "manage via public IP Address as well".
Were you saying that you will only be able to connect one NIC - the WAN - once it's in the DC?
-
Yep that's right. One NIC for WAN once in the DC…
&
Yes the two blacked out VMs are the web server on DMZ and the back-end LAN box.
-
OK. I would set it up pretty much as you do already but I'd create a second DMZ and put the back-end server on that, rather than on the LAN.
![2013-08-17 16-26-38.png](/public/imported_attachments/1/2013-08-17 16-26-38.png)
-
good idea, thanks, biggsy!
-
Right all set up and working :) biggsy's guide is spot on!
Biggsy, what do you recommend for management? I know you mentioned OpenVPN? Is that the best / easiest option?
Cheers
Phil
-
Phil,
OpenVPN would be my choice. You'll just need to be sure you have set up the firewall rules to allow the client to access all the networks.