Remote Access to pfsense behind corporate firewall



  • Hi guys!

    OK, first of all, I have never used pfsense before..
    but I see potential which we can use here.

    Requirement is to get mobile users access to the lan-resources behind corporate firewall by using OpenVPN remote access with pfsense placed behind this corporate firewall.

    inet->public-firewall-lan(resources/pfsense)

    where PFsense is configured with lan-ip on wan interface

    I've searched and found some tutorials on how to set up tap-mode with pfsense but all are based on using both WAN and LAN-interfaces on pfsense, which would not suffice in our environment.
    (http://hardforum.com/showthread.php?t=1663797)

    have opened openvpn port in corp-firewall and get connection established but cannot ping/access LAN-resources.
    client gets an IP from LAN-dhcp server thus having 2 default gateways configured
    one with local-gw and one with corp-firewall(that from dhcp-lease)  :o

    so here I'm trying to figure this out but no luck.

    I also tried to change to tun-mode and get ip from pfsense but no fun..

    any help would be appreciated


  • LAYER 8 Global Moderator

    So what is this corp firewall?  I ask because to be honest end pointing a vpn connection behind the edge is normally a bad idea, and just complicates the setup.

    I would suggest if you want to use openvpn to provide road warrior access that you swap out your corp firewall (it doesn't support vpn?) with pfsense and setup the vpn as it should be setup on the edge device.



  • @johnpoz:

    So what is this corp firewall?  I ask because to be honest end pointing a vpn connection behind the edge is normally a bad idea, and just complicates the setup.

    I would suggest if you want to use openvpn to provide road warrior access that you swap out your corp firewall (it doesn't support vpn?) with pfsense and setup the vpn as it should be setup on the edge device.

    Hi there!

    the firewall is a dell sonicwall which does not support more than one ssl-vpn client at a time…

    which brings us to same question on how to achieve that.
    forumers had written that they have had or have same setup but none writes on how to actually achieve that.

    please advise!

