Netgate Discussion Forum

    Is there a simple way to set up openvpn on pfsense when it's all on the lan side?

      timmiet

      I have a fortigate router that I can't replace.
      It is set up in a building with one owner and 2 companies.
      We want them to be as separate as possible for as cheap as possible.
      Fortigate is 192.168.104.0/24
      I would like to set up a cheap router to separate, so… wan would be 192.168.104.100 and lan would be 192.168.11.0/24.

      I would then like to set up pfsense/openVpn to run in hyper-v on a v-switch and keep it all on the local subnet.
      modem>>fortigate>>cheapRouter>>server2012+hyper-v
      internetIP>>192.168.104.1>>192.168.11.1>>  192.198.11.10(server) 192.168.11.100(pfsense wan side on hyper-v switch) >> to full internal subnet access.

      This might be a very stupid way to go about it, but I really like the openVpn interface on pfsense, and thought if it could just sit on the lan side and only route openVpn traffic to the local lan that would be cool.

      I've gone through what I thought might work but hit a wall.
      This by the way is for 1 to 5 road warriors.

      On a side note, would I be better to just install OpenVpn on the server direct (w/tap driver)?
      Thanks for reading my rant and for any help.

        johnpoz LAYER 8 Global Moderator

        So who controls this fortigate?  Who is going to forward the traffic to whatever is running openvpn?

        If you want to isolate your company from the other company, and you like pfsense.. Just plug it into your network on its wan, so it would get a 192.168.104.x address on its wan.

        You then setup your network behind pfsense on whatever network you want other than that 192.168.104.0/24 network.

        Not seeing the point of the cheap router??  And then pfsense you would have a triple nat then.

        Then you run openvpn on pfsense wan.. Just need someone to forward the ports you're using for openvpn to your pfsense wan IP of 192.168.104.X

        An intelligent man is sometimes forced to be drunk to spend time with his fools
        If you get confused: Listen to the Music Play
        Please don't Chat/PM me for help, unless mod related
        SG-4860 24.11 | Lab VMs 2.8, 24.11

          timmiet

          The point of the cheap router is for the nat. To prevent the IT team who controls the fortigate from having access to our network. So yes, that would be, as I understand it, a double nat.
          I know instead of a cheap router I could just set up a small pc to run pfsense with openvpn on it, but I was hoping to run pfsense from hyper-v to kinda use it like (openvpn access server).
          I guess I might just install openvpn direct on the server, or build a small pc with pfsense to replace the cheap router.
          Thanks for the help :)

            johnpoz LAYER 8 Global Moderator

            What do you think pfsense does??  It nats just fine..

            You can run pfsense on your hyper-v box, or esxi or plenty of other vm software, and have your network behind that vm.

              timmiet

              I guess what I really wanted to do was be able to add a pfsense vm without nat, dns, or dhcp to an existing network and use it just as an openvpn appliance, with the old router (or in this case fortigate and cheap router) just port forwarding to pfsense on the lan side with static ip.
              Thanks for the help.

              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.