Single NIC pfsense server behind NAT



  • I have the current situation: I'm running a Ubuntu 14 server at home with two NICs. One is connected to my modem and the other one is connected to my switch. The server acts as a router and is the gateway between my ISP and the other local connected clients. I have set-up some iptables rules which do the routing/forwarding/etc. I also have installed KVM on the server.

    Now what I want:
    When I'm abroad, I want to be able to set-up a vpn tunnel with my server at home. I thought its a great idea to use pfSense for this, right? Now what I have figured out:

    • I will install pfSense on a dedicated virtual machine on the server. It will have one NIC (bridged with the sever) and a static ip address: 192.168.1.5

    • On this VM, I will install pfSense and configure it with only one purpose: being a L2TP vpn server, so clients (iPhone, Macbook) could browse the internet safe

    So now I'm looking for some instructions how to:

    • install pfSense on a virtual KVM machine with only one NIC (what os type to choose?)
    • enable just the L2TP feature
    • find out what ports I have to forward from the host to the pfSense box

    Anyone some experience with this?


  • LAYER 8 Netgate

    No idea why you wouldn't just replace the roll-your-own ubuntu "firewall" with pfSense.



  • Well, I prefer having Ubuntu as host, since I'm also compiling stuff on this. Please notice that it's just my home server, no business things here. So my question remains: is it possible to have a dedicated VPN server running in pfSense on 192.168.1.5 as bridge? Any directions?



  • No reason to use pfSense for this. I would just install simply an OpenVPN server on your Ubuntu machine, that's all.



  • Thanks for your reply, however I would like to use the native VPN client from iOS. Unfortunately openvpn is natively not supported.



  • While the native VPN might be nice, "there's an app for that"

    OpenVPN Connect, Tunnelblick, and Viscosity all work well with iOS devices to get you OpenVPN connectivity, they're fairly  plug and play.

    I (and many others) use them on a regular basis to do exactly what you're proposing.


  • LAYER 8 Global Moderator

    ^ exactly your making it way too complicated..  It would take about 30 seconds to install the openvpn-as ubuntu package.. And prob less to install the app on your ios device.  Clickity Clickity your openvpn server is up and running..  Grab the openvpn connect client that works great on both ios and android devices and is FREE as in beer..

    Your making it way way over complicated because you don't want to use the correct tool for the job..  Sure Bob I can drive that nail in with this screwdriver – see its real easy... ARrrrrrghhhhhh ;)

    Click Click on vpn via my iphone, click click on a different profile using different port and tcp vs udp and even ipv6 access.





Log in to reply