Multiple VPN Servers



  • Is it possible to have multiple VPN servers running on different ports on pfSense?



  • Yes, no problem. I have a few OpenVPN site-to-site servers and road warrior server/s all on 1 pfSense.
    Just choose a different unused port for each one. Of course the various clients have to connect to the correct server port to get to their matching server.



  • Thanks for the reply. I also assume that each of the servers needs to have a different IP subnet, is that correct? Also, would the different clients from the different server be able to talk to each other (I want to make sure that they can't)?



  • Each server needs its own subnet - design a private IP addressing scheme that has a different subnet for each OpenVPN server.
    Firewall rules will block or allow whatever you want, also when the client connects it gets pushed routes (telling it what subnets are available at the server end of the link), so if you only push routes to your LAN/s (and not to the other OpenVPN subnets) then the clients will not even see them.



  • So I followed your advice and some online tutorials and everything works great!

    From a security standpoint, would there be a reason to add an interface to the OpenVPN servers and enable Snort on them? Or would that be an overkill?


Log in to reply