VPN service on a PC
-
Hello!
I am new to all this so bear with me please.
I would like to turn my old desktop PC (a Celeron D with 512 MB RAM) into a router/FW/etc., primarely because I would like to establish a home VPN service.
I installed the 64-bit version of pfSense via USB (should I have installed the 32-bit version since I only have 512 MB or RAM?) with VGA support and I can't get past the WAN setting. If I hit "a" nothing happens but I know why. Because I'm not connected to the WAN, I'm using another router in between.
It's like this: –>ISP/DSL-->Router-->Switch-->"pfSense PC-to-be". I tried also a direct connection via UTP cable from my laptop into the NIC of the old PC but I don't know the IP of pfSense. Tried 192.168.1.1 but that didn't work.
I would like to use this machine for a home VPN and also learn as much as possible (about networking in general) and also put my old PC to as much use as possible for learning.
I have two NICs in that PC, the integrated LAN card and a 3Com 3CRDAG675 Wireless LAN card. Ubuntu and Windows XP recognise and work with that old Wireless card but there are no drivers for Windows 7 or 8. How can I know if pfSense will recognise it?
Any help would be greatly appreciated!
-
It's like this: –>ISP/DSL-->Router-->Switch-->"pfSense PC-to-be".
Make it like this:
DSL (bridged) -> pfSense LAN -> Switch -> WiFi AP (connected via LAN port, no DHCP/routing)
-
Sadly I can't move this portion of the network: "ISP/DSL–>Router-->Switch". From switch onwards I can change things but that's all. So the pfSense machine would have to work in the LAN domain I guess.
I have another wireless home router that I can use. But only one NIC with RJ-45 in the machine. The other NIC is the old 3COM wireless card.
How can I access the interface anyway? If I connect via UTP cable to my laptop nothing happens. What should be the IP address?
-
Well from switch onwards it's completely useless. You are tripple-NATing.
-
But can I have a VPN server there? That's what I'm trying to use pfSense for, not as a firewall.
-
If I hit "a" nothing happens
After hitting A key you have to plug in the network cable into WAN interface to tell pfSense which NIC it is.
The VPN server will also work in LAN, provided you can forward VPN traffic to it.
-
When I was hitting the A key I had an UTP cable going from the pfSense machine into the switch and then into the LAN port on the router which's WAN connects to the DSL "modem".
How can I access pfSense's interface? Connect an UTP cable into it's NIC and the other end into my laptop's RJ-45. I don't know the IP address to log in. Or it does not work like that?
-
How can I know if pfSense will recognise it?
https://www.freebsd.org/releases/10.1R/hardware.html
When I was hitting the A key I had an UTP cable going from the pfSense machine into the switch and then into the LAN port on the router which's WAN connects to the DSL "modem".
How can I access pfSense's interface? Connect an UTP cable into it's NIC and the other end into my laptop's RJ-45. I don't know the IP address to log in. Or it does not work like that?
There should be no network cable be connected before you hit A.
There are some guides on web describing the intallation process like
https://doc.pfsense.org/index.php/Installing_pfSenseAfter installation if at least two network card are recognised pfSense set the first as WAN and second as LAN and assign 192.168.1.1 to LAN.
pfSense will also list recognised NIC at the console and you can assign them manually.To run a VPN server, just one NIC will be sufficient.
-
I think pfSense recognised tha WLAN adapter, it stated that it's Atheros (3COM with an Atheros chip I guess), not sure if it will work though.
I would like to log into pfSense and can not. I can only log into LAN port, not WAN, right?
Sometimes it recognises the WAN, sometimes says there's no link (even though there is) and I doesn't assing LAN.
How can I log into it throught that one NIC with RJ-45? And how could I run a VPN server with just one NIC?
I'm lost… Thank you for bearing with me!
-
It would already be a success for me just to get in here:
Is an UTP cable connecting the pfSense box with a laptop enough to get to the dashboard? Or do I have to have WAN link/signal?
I am unable to log in…
-
After installation if you haven't assign any IP to interfaces the screen looks like that in my first attachment below.
Under "Valid interfaces are:" pfSense lists recognized interfaces with MAC addresses an names. Here it is just one: re0You can assign the interfaces manually. If you also have just one assign this to WAN. In my case I had to enter "re0" to manually assign the NIC to WAN.
When you are asked for LAN just press Enter to skip.After that is done pfSense finishes configuration and shows the screen in the second attachment. This is the console menu.
Here it shows an IP assigned to WAN per DHCP.
To change the WAN IP, press "2" and assign an IP and mask to WAN and respond to the other questions.After that you can connect to WebConfigurator over WAN interface by typing the WAN IP in the browser of a connected computer.
There should be no complexity.
-
Thank you very much for this. I went through all those stages before. I now manually set the bfe0 for WAN and assigned an IP (no DHCP) and I was able to log, I came to the log screen. But then since I didn't know the password it threw me out and even if I rebooted and set a new IP I couldn't log back in. It could well be an obscure hardware issue on my side so I'm going to install pfSense in VMWare and try there as soon as I have some time. Again, thank you a lot!
-
I have installed pfSense in VMWare Player and then figured out I have to have a bridged WAN connection. I was finally able to log into the pfSense web interface. It's overwhelming. :D
How do you recommend me, as a beginner, to start with setting up a VPN service?
Thank you! :)
-
How do you recommend me, as a beginner, to start with setting up a VPN service?
The same way the rest of us do it: lots of reading, lots of video-viewing, lots of trial & error, lots of questions.
-
I know, I know, as with anything. But still, can I use pfSense as a VPN server even though it's not connected to the real WAN? It's in the LAN segment of my network. I've read somewhere up there that one ethernet connection is enough for VPN - so how would I go about it then?
Thank you.
-
But still, can I use pfSense as a VPN server even though it's not connected to the real WAN? It's in the LAN segment of my network. I've read somewhere up there that one ethernet connection is enough for VPN - so how would I go about it then?
I've run such a set-up with 2.1 at the time I moved from other firewall product to pfSense to provide continuous VPN service. I see no reason why it shouldn't work with current version, at least in case you use openVPN.
You have to forward the OVPN port to pfSense at the DSL router and configure the VPN server to listen on the only one interface.If you run a VPN server on pfSense it adds a virtual interface for the VPN tunnel network, so you have than 2 interfaces. At these interfaces you can configure firewall rules to control traffic in both directions.
-
And you need to do something so that devices in the LAN know how to reply to packets coming from across the OpenVPN. LAN devices (like some server that OpenVPN users want to connect to) are going to have some other default gateway - e.g. the DSL router.
a) Add a static route in the DSL router pointing traffic for the OpenVPN tunnel to the pfSense interface. Introduces asymmetric routing at the DSL router (the packets from the OpenVPN tunnel to LAN servers will not be seen by the DSL router). If the DSL router does not care then this option will work.
or
b) Add a static route to the OpenVPN tunnel to each server on the LAN. If there are only 1 or a few then this can be an easy option.
or
c) NAT traffic from the OpenVPN tunnel out the pfSense interface that goes to your LAN. Then all traffic appears to come from the pfSense address on your LAN. LAN servers reply fine and all is well. Disadvantage is that the LAN servers cannot distinguish the various clients inside the OpenVPN tunnel - if you care about that. -
Thank you for your help guys, but this is a bit beyond the scope of my currnet knowledge. Let me clarify how things are set here and what I'd like to achieve. Thank you for bearing with me!
This is how things are set in my house and sadly I can not change it. It would be ideal to remove the router and replace it with the pfSense machine but it's impossible. So the pfSense machine is in the LAN. It has 2 NICs, a wired one and a wireless one. I have also installed pfSense on my PC (in VMware), so whatever will be easier to do.
What I'd like to achieve (just to learn stuff, not to have the VPN server running 24/7) is: 1. Be able to safely surf the web from a public unsecure WiFi connection, tunneled into my house, throught the DSL interface and router, into the pfSense and then securely to the internet - as if i was home. 2. Make the pfSense also act as a wireless point - using the 2nd (wireless) NIC, alongside it being the VPN server.
I was thinking OpenVPN or IPSec (since for IPSec there's no additional softare needed on the Windows clients). What would you recommend, I'm guessing OpenVPN?
So, how would achieve what I want in the easiest way, without modifying/compromising the current network setup (the Cheap router being the firewall protection as everything goes through it and pfSense is just an experiment for me right now - just for the VPN, not to act a firewall).
Thank you!
-
I think, an IPSec server is more difficult to set up and to route. However, I've never set up one at pfSense, but openVPN.
If you add the "Open VPN client export utility" you can export a OpenVPN client and the required settings and install it on Windows with a single stroke.
I don't want to discuss your hardware set-up any more. You may have your reasons.
However, you can achieve your intention also this way. As said above, you have to forward the VPN port to pfSense. If your DSL modem is not in bridged mode you have to forward it here and a second time at the router.
For routing the VPN traffic right in your LAN, you should have nothing further to do. The necessary rules should be automatically created if you have just WAN and WLAN interface. To check that go to Firewall > NAT > Outbound and look for a rule where interface is WAN, source is your VPN tunnel network, source port, destination and destination port are any (*) and NAT address is WAN address.
If you can't find such a rule, select "Hybrid Outbound NAT rule generation" and click save and than add it by clicking +. -
I just realised that I could in fact connect from pfSense to the DSL modem. I can't believe I haven't tought of it before. My ISP is supposed to provide me two IP addresses, not one. So I'll disconnect the cable that's connecting my dumb swithc to the router and connect it directly to the DSL modem. I'll try it tomorrow or when I'll have some time and hopefully it will work with the 2nd IP leased.
Can I have 3 NICs in the old PC box? I think I'll need another wired NIC to make it all work properly. Thank you for all the tips, I can't wait to try and make it work.
PS: Another question - I've read that pfSense supports WOL so that it can wake up computers on the LAN. But what about pfSense itself, is it possible to turn on the pfSense box itself with WOL? The PC supports WOL (in checked the BIOS), does pfSense support it too?