Connect pfSense to VPN Provider (OpenVPN Client)

Connect pfSense to VPN Provider (OpenVPN Client) - Full Setup

Рет қаралды 16,977

Күн бұрын

Пікірлер: 43

@IgnazioCastellana 2 ай бұрын

Thank you, your explanation is really clear. In my case I had to add a rule under firewall --> rules --> openvpn to allow all traffic coming back from the vpn (using it to connect to on-prem resources). Thank you again!

@sheridans 2 ай бұрын

Glad it helped, thanks for the feedback 👍

@xXDeltaXxwhotookit 5 ай бұрын

Nice and straight forward - easy to follow along (and see where I was going wrong with other guides). Thanks

@sheridans 5 ай бұрын

Glad it was helpful, thank you for taking the time to leave your feedback

@TheLinuxLab 6 ай бұрын

Excellently explained video!

@sheridans 6 ай бұрын

Thank you, appreciate the feedback

@RoboNuggie Жыл бұрын

I've never used a VPN, and I don't think I will, BUT if say some poor lost soul asks in the future I'll point them here for sure... Thanks Sam, excellent as always....

@sheridans Жыл бұрын

Trying to get back into a rhythm, sometimes hard work finding the time

@RoboNuggie Жыл бұрын

@@sheridans You're doing fine, even if you released a video every month, that would be ok.... we appreciate just how busy you can be Sam.

@khaledshokry9223 Жыл бұрын

Excellent video.

@sheridans Жыл бұрын

Thank you very much!

@mikescott4008 6 ай бұрын

Looking at this again, but ideally wanting port forwarding on the VPN provider.

@doublesnake18 10 ай бұрын

Thanks, worked for me with Kaspersky vpn, now my xbox is connecting to other countries IP and the cloud gaming is working. To be honest I don't care about gaming but it's just a challenge and it's worked 😅

@sheridans 10 ай бұрын

Glad you got it working with Kaspersky, thanks for the feedback and update 👍

@noahkeck8696 2 ай бұрын

This was a great tutorial! I have one additional question though, what if I wanted to make it so that only specific ports on my endpoints were being forwarded to the VPN and the rest of the ports could use the normal WAN?

@sheridans 2 ай бұрын

You can set up a NAT rule to handle that.

@GENhodgy1971 Ай бұрын

Thanks mate for the video! I do have a problem, when disable the open vpn my traffic will return to defualt WAN.. any help would be greatly appreciated..

@SirKas734 5 ай бұрын

Thanks for making this video. Well done 👍🏼. I like how you setup the wan to block traffic on a set IP that isn’t tagged… If I wanted to apply that rule to every IP on my network what modifications would I have to the firewall rule?

@sheridans 5 ай бұрын

Thanks for the kind words, setup up an alias for those you do or do not want and pass. Tags are also an option. Appreciate the feedback 🙏

@SirKas734 5 ай бұрын

@@sheridansdo I have to add every individual IP address one by one or can I set up an Alias that applies to a pool of IP addresses?

@sheridans 5 ай бұрын

@SirKas734 setup an alias which covers the network/24 for example, allow those you want

@SirKas734 5 ай бұрын

@@sheridans copy that. Thank you🤘

@piperfect 3 ай бұрын

You can also add multiple VPN interfaces and use a gateway group so incase one goes down it will still work.

@umarfarid478 4 ай бұрын

You can simply disable the lan rule to avoid direct interaction with wan, let me know what you say about it

@sheridans 4 ай бұрын

You can, you may not want all lan traffic out the vpn

@alexanderruiter6981 Ай бұрын

If I understand your tutorial correctly if I have created my own vpn server i can use your tutorial to connect my sonology to pfsense to use my vpn and create my own firewall rules to allow access to it?

@sheridans Ай бұрын

This tutorial is for using a vpn such as PIA or nord with pfSense. There's other tutorials for road warrior style setups. The easiest way would be to use a vpn such as openvpn, wireguard, tailscale directly on pfSense and connect to that to access devices behind pfSense

@SyberPrepper Жыл бұрын

Very helpful! You mentioned using a VM on Linode or Digital Ocean. I'm assuming you mean that either of these companies could be trusted with the history of your internet use as much as a VPN company? I'm hearing more and more that a lot of the VPN companies actually sell their traffic data to third parties, so I agree that we must be careful about trusting the VPN providers too much. Thanks for the video.

@sheridans Жыл бұрын

Exactly that, if you were to use a VM on any of the mentioned providers, azure, aws, etc. For example, a small debian instance, you would be in full control of your logs, even be able to turn logging off completely; as opposed to taking some companies word for it. Wireguard is easy to set up and great for this purpose 👍

@SyberPrepper Жыл бұрын

@@sheridans Just to be devil's advocate for a moment, wouldn't AWS, Linode or whomever have a record of your internet traffic even if you turned logging off on your Debian instance? Seems like another kicking the can exercise. I hope I'm wrong or that wireguard may solve this. As you can tell, I have a lot of blind spots when it comes to networking, and so appreciate your answers.

@sheridans Жыл бұрын

Quite right to ask, you have more control over what is logged on the server (if anything). Most web traffic would be going out over https (thus encrypted), and you can use DoH/DoT for encrypted dns. They'll probably be something somewhere minimal logged for the external IP, but as most sites are behind proxies (such as Cloudflare) or on shared hosting; the privacy would be much more than that of using a vpn provider, which technically can log a lot more. Anything beyond that requirement use tor 😀

@SyberPrepper Жыл бұрын

@@sheridans I love this idea! Lots of people advocate using Linode or Digital Ocean, but I've not seen anyone suggest using it from the privacy aspect that you describe. This would be a great video. I've always felt more comfortable keeping my computing on-premise, but from a privacy perspective, one would be better off having their email and internet work on one of these VMs. Thanks for the awakening and for the info!

@sheridans Жыл бұрын

Enjoyed that chat, thank you for the feedback, and the great points raised 👍

@try-that Жыл бұрын

Very nicely done, concise and to the point. Are you going to do one for Wireguard? Plus howto use either openvpn or wireguard server on the actual router allowing users access to their network? I think it would be good for the pfsense playlist. I know there is tailscale etc, but I do like having a server on my router ofr access mainly to my camera's via Frigate. Keep up the pfsense video's though, it's nice to see how other people think.

@sheridans Жыл бұрын

I am actually planning a Wireguard video. Whilst the last 3 ot 4 may have seemed fairly random, they were the prep work for getting a couple of systems set up for a Wireguard video. I just figured I'd record them whilst doing them 😉

@vs4147 Жыл бұрын

@@sheridans Dont think WG is available for pfSense anymore - was pulled?

@sheridans Жыл бұрын

@@vs4147 it's been back in for awhile now.

@vs4147 Жыл бұрын

@@sheridans Nice and thanks!

@AlonsoVPR 8 ай бұрын

Any idea on why even propperly configured my machine still connecting through my default LAN? I have checked everything like 10 times (spent all day doing this) but my connection still going through my ISP :/

@sheridans 8 ай бұрын

Sounds like NAT?

@magaiconsultoriaemtimagai1508 Жыл бұрын

Hi friend, I have a question. Is it possible to carry out this configuration that you propose in the video on a pfsense that is already configured as a server? For example, consider my scenario: I have a pfsense on a network that works as a firewall and it is configured with the openvpn server, it already has users and certificates and accepts external connections so that my employees can access the company's local network from their homes . Is it possible to configure this same pfsense as you explain, without losing the server settings? I did it here and the users disappeared, thank God I had the exported backup xml file.