    General VPN traffic

    • C
      cal2600 last edited by

      We have users that need to get VPN traffic out for work. Since I don't know what or who they are connecting to, is there a way to pass generic VPN traffic in and out of pfSense? They connect through an access point on the LAN interface of pfSense.

      Thanks again

      We have a LAN interface and a WAN interface.
      DHCP on LAN, static IP on WAN. The AP (172.16.50.253) gets addresses from the LAN DHCP pool 172.16.50. - 50.200. We have allow any TCP/UDP ports 53, 80, 443 to any on the LAN interface. We also have a VPN ports alias group with TCP ports 1723, UDP ports 50, 500, 1701 and 4500 on the LAN interface with allow from LAN net to any from VPN alias group to any. The WAN interface has the stock rules. This is a separated network outside of our production network for guest access.

      • Derelict
        Derelict LAYER 8 Netgate last edited by

        Need way more info to hazard so much as a guess.

        Chattanooga, Tennessee, USA
        The pfSense Book is free of charge!
        DO NOT set a source port in a port forward or firewall rule unless you KNOW you need it!
        Do Not Chat For Help! NO_WAN_EGRESS(TM)

        • awebster
          awebster last edited by

          Please post screenshots of rules / NAT.
          Is the WAN IP a public IP?

          UDP 500, 4500 should work for most VPNs provided they support NAT-T. If not, you might also need to enable protocol ESP.

          –A.

          • Derelict
            Derelict LAYER 8 Netgate last edited by

            Why lock down guest access so hard? Just askin'.

            • C
              cal2600 last edited by

              I have a meeting about that tomorrow morning; I think they are just going to let me send it all out. If that is the case, would I remove everything and put in the pass from any to any rule on the LAN interface?

              • Derelict
                Derelict LAYER 8 Netgate last edited by

                Pass access to the local assets they need if any (DNS, etc)
                Reject access to the local assets you want to protect (other local networks, this firewall)
                Pass everything else (the internet)

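
Added example, not part of the thread and not pfSense code: a small first-match rule evaluator that compares the LAN rules described in the first post with the pass/reject/pass order suggested in the last reply. The firewall address 172.16.50.1 (assumed to serve DNS), the 10.0.0.0/8 protected range and the 203.0.113.10 VPN peer are constructed values; source matching is left out because every rule is from LAN net.

```python
import ipaddress

# Constructed values: the thread names no firewall, production or VPN peer address.
FIREWALL = "172.16.50.1/32"  # assumed LAN address of the firewall, also serving DNS
PRODUCTION = "10.0.0.0/8"    # placeholder for the local networks to protect
VPN_PEER = "203.0.113.10"    # documentation-range stand-in for a remote VPN gateway
ANY = "0.0.0.0/0"

# Rule = (action, IP protocol, destination network, destination ports or None)
ORIGINAL = [  # LAN rules as described in the first post
    ("pass", "tcp", ANY, {53, 80, 443}),
    ("pass", "udp", ANY, {53, 80, 443}),
    ("pass", "tcp", ANY, {1723}),
    ("pass", "udp", ANY, {50, 500, 1701, 4500}),
]
SUGGESTED = [  # order from the last reply: pass needed, reject protected, pass rest
    ("pass", "tcp", FIREWALL, {53}),
    ("pass", "udp", FIREWALL, {53}),
    ("reject", "any", FIREWALL, None),
    ("reject", "any", PRODUCTION, None),
    ("pass", "any", ANY, None),
]

def evaluate(rules, proto, dst, port=None):
    """Return the action of the first matching rule; no match means block."""
    addr = ipaddress.ip_address(dst)
    for action, rule_proto, net, ports in rules:
        if rule_proto not in ("any", proto):
            continue  # protocol differs, e.g. ESP never matches a UDP rule
        if addr not in ipaddress.ip_network(net):
            continue
        if ports is not None and port not in ports:
            continue
        return action
    return "block"  # implicit default deny at the end of the rule list

if __name__ == "__main__":
    probes = {"IKE udp/500": ("udp", VPN_PEER, 500),
              "NAT-T udp/4500": ("udp", VPN_PEER, 4500),
              "ESP (IP proto 50)": ("esp", VPN_PEER, None),
              "GRE (PPTP data)": ("gre", VPN_PEER, None),
              "production tcp/22": ("tcp", "10.1.2.3", 22)}
    for name, rules in (("original", ORIGINAL), ("suggested", SUGGESTED)):
        print(name, {k: evaluate(rules, *v) for k, v in probes.items()})
```

ESP and GRE are IP protocols without port numbers, so a port-based alias cannot match them; in the model they only pass once a rule with protocol "any" is reached.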