  • We have users that need to get VPN traffic out for work. Since I don't know what or who they are connecting to, is there a way to pass generic VPN traffic in and out of pfSense? They connect through an access point on the LAN interface of pfSense.

    Thanks again

    We have a LAN interface and a WAN interface.
    DHCP on LAN, static IP on WAN. The AP ( gets addresses from the LAN DHCP pool 172.16.50. - 50.200. We have allow any TCP/UDP ports 53, 80, 443 to any on the LAN interface. We also have a VPN ports alias group with TCP ports 1723, UDP ports 50, 500, 1701 and 4500 on the LAN interface, with allow from LAN net to any from VPN alias group to any. The WAN interface has the stock rules. This is a separated network outside of our production network for guest access.

    Need way more info to hazard so much as a guess.

  • Please post screenshots of rules / NAT.
    Is the WAN IP a public IP?

    UDP 500, 4500 should work for most VPNs provided they support NAT-T.  If not you might also need to enable protocol ESP.

    Why lock down guest access so hard? Just askin'.

  • I have a meeting about that tomorrow morning. I think they are just going to let me send it all out. If that is the case, would I remove everything and put in the pass from any to any rule on the LAN interface?

    Pass access to the local assets they need if any (DNS, etc)
    Reject access to the local assets you want to protect (other local networks, this firewall)
    Pass everything else (the internet)
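
The rule order from the last reply and the ESP point raised earlier in the thread, as an added example that is not part of any post. It models first-match evaluation of LAN rules (pfSense evaluates interface rules top-down, first match wins, and no match is blocked) and compares the port-based rules from the first post with the suggested three-tier layout. The firewall address 172.16.50.1, DNS being served by the firewall, and the remote gateway 203.0.113.10 are assumptions made for the example.

```python
import ipaddress

net = ipaddress.ip_network
ANY = [net("0.0.0.0/0")]
FIREWALL = [net("172.16.50.1/32")]          # assumed LAN address of the firewall
PRIVATE = [net("10.0.0.0/8"), net("172.16.0.0/12"), net("192.168.0.0/16")]

# Each rule: (action, protocol or None for any, destination nets, ports or None for any)
# Rules as described in the first post: TCP/UDP ports only.
ORIGINAL = [
    ("pass", "tcp", ANY, {53, 80, 443}),
    ("pass", "udp", ANY, {53, 80, 443}),
    ("pass", "tcp", ANY, {1723}),
    ("pass", "udp", ANY, {50, 500, 1701, 4500}),   # "UDP 50" is not IP protocol 50 (ESP)
]

# Layout from the last reply: pass needed local assets, reject the rest, pass the internet.
SUGGESTED = [
    ("pass", "udp", FIREWALL, {53}),     # DNS on the firewall (assumption)
    ("pass", "tcp", FIREWALL, {53}),
    ("reject", None, FIREWALL, None),    # everything else on this firewall
    ("reject", None, PRIVATE, None),     # other local networks
    ("pass", None, ANY, None),           # the internet, any protocol
]

def evaluate(rules, proto, dst, dport=None):
    """Return the action of the first matching rule, or 'block' (default deny)."""
    addr = ipaddress.ip_address(dst)
    for action, r_proto, nets, ports in rules:
        if r_proto is not None and r_proto != proto:
            continue
        if not any(addr in n for n in nets):
            continue
        if ports is not None and dport not in ports:
            continue
        return action
    return "block"

if __name__ == "__main__":
    remote = "203.0.113.10"              # constructed VPN gateway (TEST-NET-3)
    tests = [("udp", remote, 4500), ("esp", remote, None),
             ("tcp", "172.16.50.1", 443), ("tcp", "10.1.2.3", 445)]
    for proto, dst, port in tests:
        print(proto, dst, port,
              "original:", evaluate(ORIGINAL, proto, dst, port),
              "suggested:", evaluate(SUGGESTED, proto, dst, port))
```

Under the original rules a NAT-T tunnel on UDP 4500 passes while a client using native ESP falls through to the default deny; the suggested order passes both and still rejects the firewall's own services and RFC 1918 destinations.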

