openvpn
DeforondA, 2020-06-18 20:09:02

Pfsense with openvpn server on VPS with one network interface (WAN)?

Good afternoon!

Please advise on the following question. There is a VPS with an external white IP and a single network card (WAN); it is not possible to raise a local network there. This VPS has pfsense 2.4.5 installed with an OpenVPN server.
The goal is to connect the existing pfsense in my network (its Internet access is via NAT, that is, there is no white IP) with a VPN tunnel to the pfsense on the VPS, and to send all LAN traffic of the local pfsense clients through the VPN tunnel to the VPS pfsense, with the Internet access point in the same place (that is, substituting the IP address of the VPS for the IP address of all clients of the local pfsense).

To summarize:
-----------
VPS pfsense with OpenVPN server
network interfaces:
1) WAN, IP: 1.1.1.10 (external white ip provided by the VPS provider);
2) VPN-WAN , IP: 192.168.1.1 (interface of tunnel raised on pfsense openvpn server)
-----------
local pfsense with OpenVPN client connected to VPS pfsense openvpn server
network interfaces:
1) WAN , IP: 192.168.30.5 (grey ip provided by my ISP)
2) LAN , IP: 192.168.20.1 (pfsense LAN)
3) VPN-CL-WAN , IP: 192.168.1.5 (ip obtained when connecting to VPS openvpn server on remote pfsense)
-----------

Issues:

1) At the moment, outbound nat on VPS pfsense is switched to "manual" mode. The rules are as follows:

| Interface | Source | Source Port | Destination | Destination Port | NAT Address | NAT Port | Static Port |
|---|---|---|---|---|---|---|---|
| WAN | 127.0.0.0/8 | * | * | * | WAN address | * | |
| WAN | 192.168.1.0/24 | * | * | * | WAN address | * | |

Should I add this outgoing NAT rule for the created VPN interface (VPN-WAN)?

VPN-WAN 192.168.1.0/24 * * * VPN-WAN address *

2) What firewall rules are sufficient for the assigned VPN-LAN interface on the pfsense VPS?

3) Is it possible in this configuration to forward a port from the pfsense VPS to the local pfsense through the tunnel, in order to provide access from the Internet to a service raised in the LAN behind the local pfsense? Or is it not going to work correctly?

Thank you in advance!
