My network is COX — ipfire ----- pfsense ---- laptop. I’d like to vpn from my laptop to ipfire. Openvpn runs on ipfire listening on 1194. It seems I need to add some rule to pfsense b/c there is no traffic after the pfsense. But, if I use my phone as a hotspot, my laptop is able to connect to ipfire vpn. Can one help me with what rule I need? I’m very new on pfsense. Thank you.
68.* COX ------- ipfire — 10.0.0.* ________________ 10.0.0.40 ----- pfsense — 192.168.1.1
I don’t really understand what your goal is with the VPN, it is to connect to your internal network when you are not at that location?
Connect to my internal network.
The laptop 192.168.1.195 (pfsense LAN) is trying to vpn to the public ip 68.* ipfire is listening on 1194 and makes the connection. But I see no traffic going out of pfsense.
What @LTS_Tom said. Usually you use a VPN to create a secure connection from somewhere on the internet to your LAN, or create a secure tunnel between two LANs over a shared connection. What is the purpose of IPFire in this scenario? Why not just do everything on pfSense (or IPFire if it has the features you want)?
My primary firewall is ipfire, the WAN side connects to COX and the LAN side gives me my 10.* network. I would like to test the pavlos.ovpn I created. On ipfire, openvpn server starts and listens to 1194. To test, I have to drive to the local library (or coffee shop) and try to vpn into my home. If successful, my vpn works. If not, drive home, make changes to openvpn server on ipfire, and repeat driving to the local library until I have the vpn working.
So, I created another network inside my home, I added a pfsense netgate 4220, default config, WAN is 10.0.0.40, LAN is 192.168.1.1 My laptop connects via rj45 to pfsense, gets 192.168.1.195
On my laptop, I can ping the COX ip 68.* I try
sudo openvpn pavlos.ovpn, this should go out to the public ip (COX) and should connect to ipfire. The goal is not to drive to the library again and again.
Have you tried using your phone with OpenVPN client ?
my phone does not have hotspot capability. I borrowed a phone from a friend, enabled hotspot, connected my laptop to that hotspot and vpn worked. But his service has a cap on cellural data, I cannot stay for long.
Success! … I added the directive
float in the pavlos.ovpn and created a port forward rule. My laptop connects successfully to my home and am able to ping hosts by name.
OP, why do you use ipfire as your main firewall to the Internet? I see you have pfsense, this should be your main firewall by a mile!
As for your question, just add a rule to your pfsense to allow OpenVPN through the ingress interface your laptop is connected.
Floating rules are global to all interfaces, so just watch out for this as it can backfire if you omit them in the future as it override iirc all local interface rules.
I’d like to learn pfsense and then I can switch. In the meantime, I did add a rule so I can use it as a secondary firewall. Thank you for your comment.