Routing / Tunneling through pfsense for VPN users to connect to LAN



  • Hi all,
    I am new to pfsense, and have a setup briefly as follows:
    WAN comes into a router that just does routing and hosts an L2TP VPN
    Router output goes to RED on the pfsense box which acts as my firewall and does the fancy stuff like squid etc.
    GREEN out of pfsense goes to my LAN.

    So I need to set up something on the pfsense to allow VPN users to come right through the firewall onto the LAN so VPN users have full access. Have never done anything with static routes, so not sure if this is what I want.

    Here's something with IP addresses:
    External static IP = 80.x.x.x  ---> WAN on VPN router. NATs to LAN port on 192.168.91.254. VPN users have been set to pick up 192.168.91.x  ----> RED on pfsense set to 192.168.91.91 which NATs to 192.168.1.x which is internal LAN range.

    Anyone doing something similar? - would be very grateful for some advice. Tried the docs without much help so far.

    many thanks
    Rob

    PS I tried setting up the VPN on the pfsense instead but couldn't connect to it - the router itself is much more complex than the pfsense firewall so I think this would be the easier path to follow.



  • WAN comes into a router that just does routing and hosts an L2TP VPN
    Router output goes to RED on the pfsense box which acts as my firewall and does the fancy stuff like squid etc.

    Common as usual, but done wrong, like many others are doing! In my eyes only, and personally!

    If I set up a so-called out router or firewall cascade, the VPN should be terminated at the first
    router or firewall and not at the second one. Or in other words, it would be better to go with
    one router or firewall and a VLAN-capable switch behind them. To now open ports at the second
    device would make this device fully obsolete in my eyes.

    So if you place a NAS or server behind the first router or firewall it could be reached from
    the LAN side behind the second router or firewall and from outside via VPN, but the entire
    private LAN is saved.

