Netgate Discussion Forum
    Guide for configuring vpn2 using pfSense. Host already connected using Linux

    General pfSense Questions
    justlearning

      I hope this is the correct forum for this.  I was considering the virtualization forum but wasn't sure.  I am using 2.2.3 and want to create the following config.

      My Linux host is already connected using direct connect (no pfSense bridge) in 14.04 to my VPN provider.  Tunnel is on tun0 and is working fine.  The hardware NIC isn't great with pfSense, so rather than bridge I went direct connect on the motherboard.  Again, no issues and the connection is remarkably solid.  Now, I would like to add what I'll call vpn2 using another VPN server to nest inside vpn1.  Since I have no additional hardware NICs the config will have to be virtual, which I have read can be done.  I know it would be better to have independent hardware NICs and things would be much easier if I could manually bridge everything together.  I don't though, and this is a laptop so there are no slots to add a card.  The USB card options don't look like something that I would be interested in.

      First, and I am looking for brutal honesty here.  Is running in my proposed virtual config going to be a source of nightmare disconnections?  I never lose a connection now and I am using Tor inside NAT'd VMs connected to the tunneled host.  Tor has its place but there are things and speeds needed that exclude Tor for certain operations.  To that end I want to add one or two more VPN servers in a "nested" circuit.

      I have been looking at pfSense now for quite some time.  This will either be on Ubuntu or Debian, and let's not make this a debate over which of the two is better.

      I have seen a couple of guides on this forum but they don't seem to address where I am, unless I just missed one that does apply.  Speaking in very basic "just learning" terms, as my username suggests, what would be the step by step for completing the vpn2 setup on pfSense?  I already have the basic pfSense VM built and configured, and I can use clones to learn how to connect the VPN client.

      I AM STRUGGLING WITH HOW TO ADD THE VPN CLIENT TO THE MIX, and configure the gateways.

      1. Starting with the pfSense VM basic as ready to go and connected via NAT already, where do I go from here?  I already have the workspace VMs connecting on an internal pf2 network adapter, and can easily edit through the configurator.

      2. I have already downloaded the VPN certs, IPs needed, etc., and that stuff is sitting here ready to be entered as needed.

      Yes, I am the new guy.

      KOM

        I've read that three times now and I still have no idea what you really want to do.  Maybe a network diagram would help.  I will say that such connections usually use IPsec to do site-to-site VPN.  Your VPN provider likely has a guide on how to configure your router for IPsec to connect with them.

        justlearning

          I am not sure how I could draw a diagram to better explain my desires.  If I set up a pfSense VM using a second VPN provider then the sites I visit would see THAT IP instead of vpn1's.  I am trying to add hops to better conceal my original location and be more difficult to trace.  Ultimately I want to use at least 3 VPNs for this purpose.  I don't want to get political here but I have a need for such a configuration.  I know this can be done quite easily in a fully bridged setup because I have friends that do it.

          For now let's stay with one additional VPN and then I'll build from there if I can get at least two working.  Hope this clears things up some.  I don't know all the fancy jargon so bear with me please!

          KOM

            OK, I think I understand what you are trying to do.  Too bad for you that I have no idea how to do it :-[

            justlearning

              OK, thanks for taking the time to read through it.

              So, anyone else that can jump in?  Is the confusion because I want to create virtual routers in VMs?  If I had the physical NICs I would bridge, but I don't.

              firewalluser

                When setting up a VM guest, if you don't want vpn2 to go through vpn1, which is on your host/bare metal, bridge the VM guest.  That basically shares the physical network card, although the host OS will still see network traffic passing over it from another OS.

                If you want to send vpn2 through vpn1, then use NAT and the virtualisation software should route you through vpn1, giving you what I suspect you want if you mean nested as in sending vpn2 through vpn1.

                Depending on what you use to run your VM guests in, this may be easy or hard; it depends on the virtualisation software used.

                Capitalism, currently The World's best Entertainment Control System and YOU cant buy it! But you can buy this, or some of this or some of these

                Asch Conformity, mainly the blind leading the blind.

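The reply above hinges on one fact: a NAT-mode guest's packets are emitted by the hypervisor's NAT engine from the host's own IP stack, so the host's routing table, not the guest's, decides whether vpn2's outer packets leave through tun0 (nested inside vpn1) or through the physical NIC (a leak). The example below is an added illustration, not code from the thread or from pfSense. It parses `ip -4 route` output the way the kernel applies it (longest prefix wins, list order is irrelevant) and checks where a vpn2 server's traffic would actually exit. The two routing tables, the interface names (eth0, tun0, vboxnet0) and the server addresses in the 203.0.113.0/24 and 198.51.100.0/24 documentation ranges are constructed for the example; the 0.0.0.0/1 and 128.0.0.0/1 pair is what an OpenVPN client's redirect-gateway option typically installs.

```python
import ipaddress

# Constructed sample of `ip -4 route` on the Linux host while vpn1 is up.
# 203.0.113.5 stands in for the vpn1 server; it must keep a host route out of
# eth0 or the tunnel would try to carry its own outer packets. vboxnet0 is the
# host-side interface of the network the pfSense VM sits on (an assumption).
IP_ROUTE_VPN1_UP = """\
0.0.0.0/1 via 10.8.0.1 dev tun0
default via 192.168.1.1 dev eth0 proto static metric 100
10.8.0.0/24 dev tun0 proto kernel scope link src 10.8.0.6
128.0.0.0/1 via 10.8.0.1 dev tun0
192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.50 metric 100
192.168.56.0/24 dev vboxnet0 proto kernel scope link src 192.168.56.1
203.0.113.5 via 192.168.1.1 dev eth0
"""

# Same host after vpn1 drops and OpenVPN removes its routes (no kill switch).
IP_ROUTE_VPN1_DOWN = """\
default via 192.168.1.1 dev eth0 proto static metric 100
192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.50 metric 100
192.168.56.0/24 dev vboxnet0 proto kernel scope link src 192.168.56.1
"""

VPN2_SERVER = "198.51.100.7"   # constructed address of the second provider's server


def parse_ip_route(text):
    """Turn `ip -4 route` lines into (network, device) pairs.

    `default` means 0.0.0.0/0 and a bare address is a /32 host route, which is
    how iproute2 prints them. IPv6 is deliberately not handled here.
    """
    routes = []
    for line in text.splitlines():
        tokens = line.split()
        if not tokens:
            continue
        dst = tokens[0]
        if dst == "default":
            dst = "0.0.0.0/0"
        elif "/" not in dst:
            dst += "/32"
        dev = tokens[tokens.index("dev") + 1]
        routes.append((ipaddress.ip_network(dst), dev))
    return routes


def egress_device(routes, dst):
    """Longest-prefix match: the interface the host would send dst out of."""
    addr = ipaddress.ip_address(dst)
    best = None
    for net, dev in routes:
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, dev)
    return best[1] if best else None


def vpn2_is_nested(routes, vpn2_server, vpn1_dev="tun0"):
    """True if the NAT'd guest's vpn2 outer packets leave inside vpn1."""
    return egress_device(routes, vpn2_server) == vpn1_dev


def tunnel_bypasses(routes, vpn1_dev="tun0"):
    """Prefixes more specific than the /1 pair that exit outside the tunnel.

    These are the destinations a NAT'd guest can reach without going through
    vpn1: the vpn1 server itself plus the local networks. Anything else here
    that you did not expect is a leak worth investigating.
    """
    return sorted(str(net) for net, dev in routes
                  if dev != vpn1_dev and net.prefixlen > 1)


if __name__ == "__main__":
    for label, text in (("vpn1 up", IP_ROUTE_VPN1_UP), ("vpn1 down", IP_ROUTE_VPN1_DOWN)):
        routes = parse_ip_route(text)
        print(label, "-> vpn2 exits via", egress_device(routes, VPN2_SERVER),
              "| nested:", vpn2_is_nested(routes, VPN2_SERVER),
              "| bypasses:", tunnel_bypasses(routes))
```

Run it against a real `ip -4 route` capture by swapping in the text; the useful checks are that the vpn2 server resolves to tun0 while vpn1 is up and, just as important, what it resolves to once vpn1 is gone. The second table shows the failure mode the nesting does nothing about: with OpenVPN's routes withdrawn the guest's vpn2 session simply re-establishes over eth0 and the VM never notices.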
                KOM

                  If you're really that paranoid, ditch the VMs and rent several VPSes from different providers around the world and then chain your connections through them via IPsec.

                  johnpoz (LAYER 8, Global Moderator)

                    "I am trying to add hops to better conceal my original location and be more difficult to trace"

                    How would nested vms do that??  Dude really seems like your tinfoil hat shrunk in the wash or something JFC…

                    "I don't want to get political here but I have a need for such a configuration."

                    BS BS BS....  Who exactly are you wanting to hide from??  Create your VPN to your trusted endpoint.. Done!

                    An intelligent man is sometimes forced to be drunk to spend time with his fools
                    If you get confused: Listen to the Music Play
                    Please don't Chat/PM me for help, unless mod related
                    SG-4860 24.11 | Lab VMs 2.8, 24.11

                    justlearning

                      Harsh comments would be an understatement!  I just wanted to learn something useful.

                      I am sorry to have bothered you guys.

                      Admins, please feel free to close or delete this thread.  VERY disappointed!!

                      KOM

                        You're not a bother but we don't think you can do what you want to do.  Plus we don't really care what your purposes are.  If you need to hide behind 12 proxies so you won't get sued by the MPAA for running a zillion torrents, whatever.  But it's hard to give best advice when you're being cagey about your end goals and what you're doing.

                        johnpoz (LAYER 8, Global Moderator)

                          Nested VMs on your side would do NOTHING to hide your connection point.  Hiding your traffic from your connection provider requires just one layer of encryption.  Putting a tunnel inside a tunnel inside a tunnel is pretty pointless..

                          Create a tunnel to a trusted endpoint on the outside of your connection provider's network.  If you then want to bounce a connection off of that through multiple proxies, run Tor through that connection even, to hide your actual connection point from the Tor network or proxies you use.

                          But running nested vms to accomplish this goal is just wasted resources time and performance.


                          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.