PfSense with OpenVPN Client for Chromecast?
-
I will have to post a new "authoritative" thread on how to properly double NAT… (-:
-
dude you deleted the whole page? ;)
I was going to edit some of that nonsense out, and even started but then noticed other stuff that would have to be updated as well to get it up to speed - images of the connections under vmware, etc.
How do you tell who made the page or did most of the edits? Some put some work into that page. Too bad it was full of nonsense like that..
I can understand using a vpn to circumvent regional restrictions - but he says he has his own vpn server? A bit confused on what he wants to do exactly - but sounds like just use a vpn service with pfsense.. Which yeah is pretty click click these days depending on the service wanting to connect to. But this confuses me?
"The VPN Server is my own server (250/250mbits) and my home connection is 100/6mbits."
So maybe he has a vps running openvpn?? If so then yeah that is pretty simple to connect to from your pfsense. Been working on howto for using openas – but keep getting side tracked..
Yeah, it's my own dedicated server running openvpn and yeah I'm planning to bypass certain geo-locks as I travel to countries that have limits on youtube etc.
Could anyone redirect me to a "proper" wiki page/tutorial/yt link to have pfsense set-up on a vmware workstation running on windows with dual ethernet? The vSwitch part confuses me the most as I don't seem to have that in Workstation.
-
Before I attempt to answer your question, can you please tell me, assuming you have a VPN in the USA, how were you planning to use it?
You mention chromecast? Where will the VPN server be? Where will the TV be? Where will the Chromecast fob be? Where will the VPN client be running?
-
The VPN Servers are in the US, France, Netherlands and Japan, "most" of them are dedicated servers in a datacenter with OpenVPN Server installed and already functioning (tested with my Asus-wrt Merlin Router and Windows client).
The TV, Chromecast and VPN client (pfsense on a vm) would all be run in the same location, my living room.
So… TV => Chromecast => Wifi-Router => PfSense VM on a Windows host with VMware Workstation (or Hyper-V if needed) with dual nic => cable modem
That's how I planned it at least... to run PfSense between the wifi router and modem with OpenVPN Client connecting to one of the servers mentioned above.
-
OK - So you are not in the USA but your pfsense VPN server is. (Very well and normal)
So, simple thing to do is have something like this:
Modem > router (pfsense or other. Doesn't matter.)
Then router > switch
On the switch, you can put all your laptops, computers etc. They will get an IP from the local country - not usa.
Now, you need a second router with VPN client capability. I suggest pfsense but DDWRT also works.
Plug the WAN of that router into your switch.
Now plug a second switch into the LAN of your second router.
The second router will be a vpn client to the server in the USA.
The second router and the second switch and everything plugged into it will function as if it's in the USA.
So make sure that the TV with the chromecast and any device associated with the TV or the Chromecast is all on that second switch or a wireless AP connected to that second switch.
Like this you will have a full time local network and a full time usa network.
On the local network computers, you can always use a software client to attach to your pfsense if you need to also. Make sure each device has its own separate certificate/common name.
I know this works fine since I've done it here. (I don't have a chromecast but I do have other things that always sit on a USA IP this way)
-
Hmm, well I suppose that makes things logically simple but why not just use a single pfSense router with two internal interfaces?
Or just one internal interface and policy routing?
Or just route everything over the VPN as I think the OP wants. ;)
Also do it in a VM! ;D
@Shadoom: Your requirement to use Windows as the VM host, is that absolute?
Steve
-
Because he like me is apparently in possession of DDWRT routers.
But yes - you can do it with one pfsense router with one vlan switch and a configured openvpn interface.
I have VMS here that are clients to a pfsense set up like that (minus the vlan)
It requires less hardware to set up but more know-how.
This way has advantages over using ddwrt in that ddwrt isn't well patched.
pfsense would be more secure.
-
The method Kejianshi posted seems rather advanced and "overkill" for my needs. Although I thank you deeply for your time and help. I thought about a simpler, smaller solution.
I've seen in this video https://www.youtube.com/watch?v=9E77ZWzN1P4 that he had an internal vSwitch and an external vSwitch on hyper-v. But I'm too inexperienced with pfsense/networking to know if that's the right thing to do with dual nics.
Which host would you recommend? Windows is not absolute but I do use the machine for the occasional retro gaming session.
-
My way is the dummy way… haha.
The other way has a smaller hardware footprint and is better if you can configure it correctly.
-
If you're going to use windows you just need to be sure the host OS doesn't have a public IP at all. All traffic from the host OS must go via the pfSense VM which means setting up a virtual interface that exists both for the host and the pfSense VM and disabling the Windows networking protocols on the real NIC which is being passed through to the pfSense VM WAN.
What you're suggesting is certainly do-able in any supported hypervisor. Since they're all slightly different I would go with whatever you're happiest using.
I wouldn't follow that youtube clip though. You should never add scripts in locations like he does there.
Steve
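What Steve describes above, as an added PowerShell example for a Windows host (not part of the original thread): it unbinds the host's protocols from the physical NIC handed to the pfSense WAN, then checks that the host holds no address or default route there. The adapter name and the bridge bindings to keep are assumptions; confirm them against the listing the script prints first.

```powershell
# Added example. Run in an elevated PowerShell session on the Windows host.
# Assumed names, adjust to your machine:
$WanNic  = 'Ethernet 2'                    # physical NIC wired to the modem
$KeepIds = @('vmware_bridge', 'vms_pp')    # VMware Workstation bridge / Hyper-V switch binding

# 1. List what is currently bound to the WAN NIC, so you can confirm the
#    ComponentID of your hypervisor's bridge before anything is changed.
Get-NetAdapterBinding -Name $WanNic |
    Format-Table DisplayName, ComponentID, Enabled -AutoSize

# 2. Disable every host protocol on the WAN NIC except the hypervisor bridge.
#    This removes IPv4/IPv6, file sharing, discovery, etc. from the host side,
#    so only the pfSense VM can speak on that wire.
Get-NetAdapterBinding -Name $WanNic |
    Where-Object { $_.Enabled -and ($KeepIds -notcontains $_.ComponentID) } |
    ForEach-Object {
        Disable-NetAdapterBinding -Name $WanNic -ComponentID $_.ComponentID
    }

# 3. Verify: the host must not hold any IP address on the WAN NIC.
$leftover = Get-NetIPAddress -InterfaceAlias $WanNic -ErrorAction SilentlyContinue
if ($leftover) {
    Write-Warning "Host still has an address on ${WanNic}:"
    $leftover | Format-Table IPAddress, AddressFamily, PrefixOrigin -AutoSize
} else {
    Write-Output "OK: no host IP address on $WanNic"
}

# 4. Verify: no host default route (IPv4 or IPv6) may leave via the WAN NIC.
#    The default route should point at the virtual adapter shared with the
#    pfSense LAN interface instead.
$defaults = @(Get-NetRoute -DestinationPrefix '0.0.0.0/0' -ErrorAction SilentlyContinue) +
            @(Get-NetRoute -DestinationPrefix '::/0'      -ErrorAction SilentlyContinue)
$bad = $defaults | Where-Object { $_.InterfaceAlias -eq $WanNic }
if ($bad) {
    Write-Warning "Default route still uses $WanNic"
} else {
    Write-Output "OK: default route does not use $WanNic"
    $defaults | Format-Table DestinationPrefix, NextHop, InterfaceAlias -AutoSize
}
```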
-
Chromecast is picky. It's not going to like NATing between subnets. You need to keep it and everything associated with it on one subnet.
-
Yep that's true you have to have the Chromecast and whatever device you're controlling it from in the same subnet. That would probably mean both those devices having all their traffic routed over the VPN but I don't think that's a problem for you.
Really the difficult part of what you're suggesting is trying to achieve it in a VM. And that isn't really that difficult if you're familiar with the hypervisor.
Steve
-
I wouldn't use either workstation or player. I'd use ESXI. But that's a dedicated box, so a small hardware appliance is probably better.
-
Yep I'd use ESXi too but that does limit the retro gaming potential. ;) Maybe very very retro games? ;D
Steve
-
I don't get it.. Either put pfsense on a type 1 vm host, or run pfsense direct on it. Or get some hardware for pfsense to run on, etc. It's not like any of these options bust the bank.. An OLD pc will run pfsense just great!!
Not like this poster doesn't have spendable cash with multiple servers all over the globe for it seems to circumvent regional restrictions. If not mistaken netflix and stuff just needs dns redirection to bypass most of those - not full blown vpn.
-
I agree that esxi is probably the best solution for it.
But I had hoped for an all in one solution as I'd like to keep devices used and physical space consumed to a minimum. I'll try the method stephen has explained tomorrow when I've found some docs on it. Thank you for that :)