PfSense HA on Proxmox with just one public IP, setting up OpenVPN


I’m in this setup:

ISP Modem:
Public IP:
DHCP/Gateway IP:

One NIC goes to Proxmox eno1 (one for each node in the cluster, through an unmanaged switch)

Proxmox Cluster with:


  • Virtio NIC on eno1 WAN IP:
  • LAN (VLAN10):
  • OPTx (VLAN100) IP:

  • Virtio NIC on eno1 WAN IP:
  • LAN (VLAN10):
  • OPTx (VLAN100) IP:

Everything works really well, I’m actually posting this from that network (VLAN10 - LAN)

Thing is: I can’t seem to be able to set all the firewalls/NATs/Forwards/else to access my system with pfSense’s OpenVPN, I’d like to access VLAN2 (

  1. I disabled the firewall on the ISP modem and port-forwarded everything to the CARP VIP IP
  2. I disabled (I think) all the firewalls on Proxmox (cluster and node level)
  3. I followed the settings in pfSense’s docs to add an OpenVPN server setup (tunnel net - not assigned to any pfSense interface, destination net and firewall rules setup)

I don’t seem to see much in the logs on pfSense; probably the traffic is being blocked/routed elsewhere.
I don’t seem to see much in the ISP modem/router logs on the OpenVPN port.

Has anyone tried a similar setup who can point me to the proper settings to make this thing fluid?
I’ll also need something similar when I host other services on Proxmox through the network managed by the virtualized pfSense HA setup.

Thank you very much in advance!