Looking for some advise on using pfsense as an OpenVPN gateway

ghurty

Hi,

I am trying to set up pfsense as a OpenVPN gateway for two types of users:
The first one: I will want it that a user can dial into it and then their web browsing to a particular website will be routed through the pfsense device. So they show that IP, I guess like a proxy.  I would want all in and out communication to just go through the WAN port, no access to the second NIC.
Th second one: Will once they connect have access to the local network that is plugged into the second NIC of the pfsense box.

Is this doable, and what would be the best way to go about it?

Thanks

robi

It is.

For the first one, you'd have to push a route to the client for that particular website. You can even push it by dns name, but you have to set manually in the installed OpenVPN client's config the allow-pull-fqdn parameter.
For the second one, it works out of the box.

You'd create two OpenVPN server instances (running on two different ports) for the two types of users. Assign the created server's tun interfaces as pfSense network interfaces, and then you can apply firewall rules to them as usual (for the first one to only allow access through wan, and for the second one allow acess through the second nic lan).
You'd have to set up hybrid NAT too, for the first one to access that special site from behind the VPN tunnel.