I am a Cloud Admin major at Full Sail University. PFSense is absolutely bonkers haha. In fact, we haven't gone over it yet at all. I hope in the future that we do, but as of right now. I am completely stumped. This UI is so complicated IMO.
I want to make it so that as long as an End Device has the VPN router set as the gateway it'll go through the encrypted VPN, and any other device that is set as the main gateway i.e. 192.168.1.1 will go through to my ISP without VPN encryption.
Let me start off with the basics of my network.
Arris Modem DOCSIS 4 Full Duplex > Unifi USG-3P > Unifi US-8-60W > Main Workstation Rig, Unifi AP Pro, and a Reolink security camera.
I use PrivateVPN:
This is different than an S2S because I use a VPN service as an IP mask and to get around Geo Restriction. I do not have access to PrivateVPN's Server settings.
My Workstation:
i7 8700k
16 gigs RAM
GTX980
Asus Strix z370-e (only one NIC)
At first, I started with Ubuntu Server VPN set up:
Hyper-V
Single NIC Host
Running Windows 10 Pro Host OS
vSwitch to NAT
Ubuntu Server:
Address: 192.168.1.14/24
Gateway: 192.168.1.1
DNS: 192.168.1.1
Installed OpenVPN
Connected to PrivateVPN tun0
added these rules:
sudo sh -c "echo 1 > /proc/sys/net/ipv4/ip_forward"
sudo iptables -A FORWARD -o tun0 -i eth0 -s 192.168.1.0/24 -m conntrack --ctstate NEW -j ACCEPT
sudo iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
sudo iptables -A POSTROUTING -t nat -j MASQUERADE
sudo iptables-save | sudo tee /etc/iptables.sav
And it worked for like a day, but something caused it to time out and even when I reverted to a checkpoint when it was working it didn't help. By working I mean: any end device set up to go through the VPN would connect, visit google, download files, etc. And when I went to check my IP it was through the VPN. Ran some DNS Leak tests etc. Worked great! By Broken I mean: 24 hours later, End Devices stop being able to ping google, and can't access the web. When I ping google on the VM I get temporary resolve errors. When I connect to the VPN after a restart, it can ping google, but the end devices still have no access to the internet through the VPN VM. This caused the Sys Admin in me to go like: "Okay, I can't have this be so unreliable. I need something that will work 24/7"
I have an Ubuntu media sharing server on the same subnet as my host rig as well as another Ubuntu Server VM running my UNIFI Controller all sharing one NIC those work flawlessly.
What I would like:
PFsense Access to VPN through WAN so: PFSENSE > VPN > WAN.
End Device Settings:
GATEWAY: PFSENSE IP ADDR
IP ADDR: STATIC IP/24 SAME SUBNET AS OTHER DEVICES
END DEVICE = Connected to VPN
End Device Settings:
GATEWAY: DEFAULT ROUTER ADDR
IP ADDR: DHCP IP/24 SAME SUBNET AS OTHER DEVICES
END DEVICE = Connected to Unencrypted web.
Is there any way I could accomplish this with PFsense that'll be more reliable than the literal 24 hours that Ubuntu server worked?
Any input is greatly appreciated. Thank you.
WAN and LAN settings
WAN: 192.168.1.14
LAN: 192.168.2.1
UNIFI NETWORK CONTROLLER SEES IT
both pfsense wan and lan
I still can't ping 192.168.2.1 No matter which gateway I use!
What am I missing?
I want to make it so that as long as an End Device has the VPN router set as the gateway it'll go through the encrypted VPN, and any other device that is set as the main gateway i.e. 192.168.1.1 will go through to my ISP without VPN encryption.
Let me start off with the basics of my network.
Arris Modem DOCSIS 4 Full Duplex > Unifi USG-3P > Unifi US-8-60W > Main Workstation Rig, Unifi AP Pro, and a Reolink security camera.
I use PrivateVPN:
This is different than an S2S because I use a VPN service as an IP mask and to get around Geo Restriction. I do not have access to PrivateVPN's Server settings.
My Workstation:
i7 8700k
16 gigs RAM
GTX980
Asus Strix z370-e (only one NIC)
At first, I started with Ubuntu Server VPN set up:
Hyper-V
Single NIC Host
Running Windows 10 Pro Host OS
vSwitch to NAT
Ubuntu Server:
Address: 192.168.1.14/24
Gateway: 192.168.1.1
DNS: 192.168.1.1
Installed OpenVPN
Connected to PrivateVPN tun0
added these rules:
sudo sh -c "echo 1 > /proc/sys/net/ipv4/ip_forward"
sudo iptables -A FORWARD -o tun0 -i eth0 -s 192.168.1.0/24 -m conntrack --ctstate NEW -j ACCEPT
sudo iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
sudo iptables -A POSTROUTING -t nat -j MASQUERADE
sudo iptables-save | sudo tee /etc/iptables.sav
And it worked for like a day, but something caused it to time out and even when I reverted to a checkpoint when it was working it didn't help. By working I mean: any end device set up to go through the VPN would connect, visit google, download files, etc. And when I went to check my IP it was through the VPN. Ran some DNS Leak tests etc. Worked great! By Broken I mean: 24 hours later, End Devices stop being able to ping google, and can't access the web. When I ping google on the VM I get temporary resolve errors. When I connect to the VPN after a restart, it can ping google, but the end devices still have no access to the internet through the VPN VM. This caused the Sys Admin in me to go like: "Okay, I can't have this be so unreliable. I need something that will work 24/7"
I have an Ubuntu media sharing server on the same subnet as my host rig as well as another Ubuntu Server VM running my UNIFI Controller all sharing one NIC those work flawlessly.
What I would like:
PFsense Access to VPN through WAN so: PFSENSE > VPN > WAN.
End Device Settings:
GATEWAY: PFSENSE IP ADDR
IP ADDR: STATIC IP/24 SAME SUBNET AS OTHER DEVICES
END DEVICE = Connected to VPN
End Device Settings:
GATEWAY: DEFAULT ROUTER ADDR
IP ADDR: DHCP IP/24 SAME SUBNET AS OTHER DEVICES
END DEVICE = Connected to Unencrypted web.
Is there any way I could accomplish this with PFsense that'll be more reliable than the literal 24 hours that Ubuntu server worked?
Any input is greatly appreciated. Thank you.
WAN and LAN settings
WAN: 192.168.1.14
LAN: 192.168.2.1
UNIFI NETWORK CONTROLLER SEES IT
both pfsense wan and lan
I still can't ping 192.168.2.1 No matter which gateway I use!
What am I missing?