Guide for configuring vpn2 using pfsense. Host already connected using linux

  • I hope this is the correct forum for this.  I was considering the virtualization forum but wasn't sure.  I am using 2.2.3 and want to create the following config.

    My linux host is already connected using direct connect (no PfSense bridge) in 14.04 to my VPN provider.  Tunnel is on tun0 and is working fine.  The hardware nic isn't great with PfSense so rather than bridge I went direct connect on the motherboard.  Again, no issues and connection is remarkably solid.  Now; I would like to add what I'll call vpn2 using another vpn server to nest inside vpn1.  Since I have no additional hardware nics the config will have to be virtual, which I have read can be done.  I know it would be better to have independent hardware nics and things would be much easier if I could manually bridge everything together.  I don't though, and this is a laptop so there are no slots to add a card.  The usb card options don't look like something that I would be interested in.

    First, and I am looking for brutal honesty here.  Is running in my proposed virtual config going to be a source of nightmare disconnections?  I never lose a connection now and I am using TOR inside NAT'd VM's connected to the tunneled host.  TOR has its place but there are things and speeds needed that exclude TOR for certain operations.  To that end I want to add one or two more vpn servers in a "nested" circuit.

    I have been looking at pfsense now for quite some time.  This will either be on ubuntu or debian and lets not make this a debate over which of the two is better.

    I have seen a couple of guides on this forum but they don't seem to address where I am, unless I just missed one that does apply.  Speaking in very basic "just learning" like my username suggests terms, what would be the step by step for completing the vpn2 setup on pfsense?  I already have the basic pfsense VM built configured and I can use clones to  learn how to connect the vpn client.

    I AM STRUGGLING WITH HOW TO ADD THE VPN CLIENT TO THE MIX, and configure the gateways.

    1.Starting with the Pfsense VM basic as ready to go and connected via NAT already where do I go from here?  I already have the workspace VM's connecting on an internal pf2 network adapter, and can easily edit through the configurator.

    2. I have already downloaded the vpn certs, IP's needed, etc.. and that stuff is sitting here ready to be entered as needed.

    Yes, I am the new guy.

  • I've read that three times now and I still have no idea what you really want to do.  Maybe a network diagram would help.  I will say that such connections usually use IPSEC to do site-to-site VPN.  Your VPN provider likely has a guide on how to configure your router for IPSEC to connect with them.

  • I am not sure how I could draw a diagram to better explain my desires.  If I setup a pfsense VM using a second VPN provider then the sites I visit would see THAT IP instead of vpn1's.  I am trying to add hops to better conceal my original location and be more difficult to trace.  Ultimately I want to use at least 3 vpns for this purpose.  I don't want to get political here but I have a need for such a configuration.  I know this can be done quite easily in a fully bridged setup because I have friends that do it.

    For now lets stay with one additional vpn and then I'll build from there if I can get at least two working.  Hope this clears things up some.  I don't know all the fancy jargon so bear with me please!

  • OK I think I understand what you are trying to do.  Too bad for you that I have no idea how to do it  :-[

  • OK, thanks for taking the time to read through it.

    So, anyone else that can jump in?  Is the confusion because I want to create virtual routers in VM's?  If I had the physical nic's I would bridge but I don't.

  • When setting up a vm guest, if you dont want vpn2 to go through vpn1 which is on your host/baremetal, bridge the vm guest, that basically shares the physical network card although the host OS will still see network traffic passing over it from another OS.

    If you want to send vpn2 through vpn1, then use nat and the virtual software should route you through vpn1, giving you what I suspect you want if you mean nested as in sending vpn2 through vpn1.

    Depending on what you use to run your vm guests in this may be easy or hard, it depends on your virtualisation software used.

  • If you're really that paranoid, ditch the VMs and rent several VPSes from different providers around the world and then chain your connections through them via IPSEC.

  • LAYER 8 Global Moderator

    "I am trying to add hops to better conceal my original location and be more difficult to trace"

    How would nested vms do that??  Dude really seems like your tinfoil hat shrunk in the wash or something JFC…

    "I don't want to get political here but I have a need for such a configuration."

    BS BS BS....  Who exactly are you wanting to hide from??  Create you vpn to your trusted enpoint.. Done!

  • Harsh comments would be an understatement!  I just wanted to learn something useful.

    I am sorry to have bothered you guys.

    Admins, please feel free to close or delete this thread.  VERY disappointed!!

  • You're not a bother but we don't think you can do what you want to do.  Plus we don't really care what your purposes are.  If you need to hide behind 12 proxies so you won't get sued by the MPAA for running a zillion torrents, whatever.  But it's hard to give best advice when you're being cagey about your end goals and what you're doing.

  • LAYER 8 Global Moderator

    Nested VMs on your side would do NOTHING to hide your connection point..  Hiding your traffic from your connection provider requires just one layer of encryption.  putting a tunnel inside a tunnel inside a tunnel is pretty pointless..

    Create a tunnel to a trusted endpoint on the outside of your connections providers network.  If you then want to bounce a connection off of that through multiple proxies, turn tor through that connection even to hide your actual connection point from the tor network or proxies you use.

    But running nested vms to accomplish this goal is just wasted resources time and performance.

Log in to reply