General VPN traffic



  • We have users that need to get vpn traffic out for work. Since I don't know what or who they are connecting to is there a way to pass generic VPN traffic in and out of pfsense. They connect through an access point on the LAN interface of pfsense.

    Thanks again

    We have a LAN interface and a WAN interface
    DHCP on LAN static IP on WAN, The AP (172.16.50.253) gets addresses from the LAN DHCP pool 172.16.50. - 50.200. We have. Allow any tcp/udp ports 53, 80, 443 to any on the LAN interface. We also have a VPN ports alas group with TCP ports 1723, UDP ports 50, 500 1701 and 4500 on the LAN interface with allow from LAN net to any from VPN alias group to any. The WAN interface has the stock rules. This is a separated network outside of our production network for guest access


  • LAYER 8 Netgate

    Need way more info to hazard so much as a guess.



  • Please post screenshots of rules / NAT.
    Is the WAN IP a public IP?

    UDP 500, 4500 should work for most VPNs provided they support NAT-T.  If not you might also need to enable protocol ESP.


  • LAYER 8 Netgate

    Why lock down guest access so hard? Just askin'.



  • I have a meeting about that tomorrow morning, I think they are just going to let me send it all out. If that is the case would I remove everything and put in the pass from any to any rule on the lan interface.?


  • LAYER 8 Netgate

    Pass access to the local assets they need if any (DNS, etc)
    Reject access to the local assets you want to protect (other local networks, this firewall)
    Pass everything else (the internet)


Log in to reply