    Is there a simple way to setup openvpn on pfsense when it's all on the lan side?

    OpenVPN
    • T
      timmiet last edited by

      I have a fortigate router that I can't replace.
      It is set up in a building with one owner and 2 companies.
      We want them to be as separate as possible for as cheap as possible.
      fortigate is 192.168.104.0/24
      I would like to set up a cheap router to separate so… wan would be 192.168.104.100 and lan would be 192.168.11.0/24.

      I would then like to set up pfsense/openVpn to run in hyper-v on a v-switch and keep it all on the local subnet.
      modem>>fortigate>>cheapRouter>>server2012+hyper-v
      internetIP>>192.168.104.1>>192.168.11.1>>  192.198.11.10(server) 192.168.11.100(pfsense wan side on hyper-v switch) >> to full internal subnet access.

      This might be a very stupid way to go about it, but I really like the openVpn interface on pfsense, and thought if it could just sit on the lan side and only route openVpn traffic to the local lan that would be cool.

      I've gone through what I thought might work but hit a wall.
      This by the way is for 1 to 5 road warriors.

      On a side note, would I be better to just install OpenVpn on the server direct (w/tap driver)?
      Thanks for reading my rant and for any help.

      • johnpoz
        johnpoz LAYER 8 Global Moderator last edited by

        So who controls this fortigate?  Who is going to forward the traffic to whatever is running openvpn?

        If you want to isolate your company from the other company, and you like pfsense.. Just plug it into your network on its wan, so it would get a 192.168.104.x address on its wan.

        You then setup your network behind pfsense on whatever network you want other than that 192.168.104.0/24 network.

        Not seeing the point of the cheap router??  And then pfsense you would have a triple nat then.

        Then you run openvpn on pfsense wan.. Just need someone to forward the ports you're using for openvpn to your pfsense wan IP of 192.168.104.X

        • T
          timmiet last edited by

          The point of the cheap router is for the nat, to prevent the IT team who controls the fortigate from having access to our network.  So yes, that would be, as I understand it, a double nat.
          I know instead of a cheap router I could just set up a small pc to run pfsense with openvpn on it, but I was hoping to run pfsense from hyper-v to kinda use it like (openvpn access server).
          I guess I might just install openvpn direct on the server, or build a small pc with pfsense to replace the cheap router.
          Thanks for the help  :)

          • johnpoz
            johnpoz LAYER 8 Global Moderator last edited by

            What do you think pfsense does??  It nats just fine..

            You can run pfsense on your hyper-v box, or esxi or plenty of other vm software, and have your network behind that vm.

            • T
              timmiet last edited by

              I guess what I really wanted to do was be able to add a pfsense vm without nat, dns, or dhcp to an existing network and use it just as an openvpn appliance with the old router (or in this case fortigate and cheap router ) just port forward to pfsense on the lan side with static ip.
              Thanks for the help.
