All, I've got two wireless segments that I recently tried to implement a pfsense firewall on. They currently are running with a simple iptables firewall on a linux box. This works, but I'm trying to streamline a few things here, and the pfsense firewall seemed like a good fit for what I was trying to do. The firewall implementation failed, only because of a VPN pass through issue that I could not seem to resolve. Any help on this would be greatly appreciated.
General Description
-------------------

The pfsense firewall that I'm trying to implement would be a set of rules for both networks (each with their own interface on the pfsense firewall) and the firewall rules themselves work fine until one of those wireless customers has a VPN in place. The VPN server-end could be on the customer's end or it can be on the remote end, i.e., off of our network. The VPNs can be anything: PPTP, OpenVPN or IPSEC. There can be, and sometimes are, multiple VPNs that the clients on these two network segments may be providing or connecting to.

Strategy I tried to Implement
-----------------------------

The strategy I used was to allow all traffic on the network segments for these two wireless IP blocks, and then to allow all traffic from the WAN interface to the specified customer IP. This in effect should be an allow-all bidirectionally (both to and from our network), or at least that was my goal. Yes, this method does not do any firewalling, but in most cases these end points have their own firewalls in place anyway, so I'm not concerned with firewalling those particular addresses, but rather those that have no firewall in place, or a less-than-adequate one.

Again, the rules for the normal (i.e., non-VPN) customers work like a champ. The VPN traffic, however, does not seem to pass through the pfsense firewall at all.

The sample allow rule for the customer on the WAN interface would be:

    allow any-protocol from any ip-address to client-ip address

The sample allow rule for the client interface is a simple:

    allow any from any to any

Version
-------

The version of pfsense installed is 1.2-RELEASE, hard disk install, 4 interfaces assigned: WAN, OPT1 and OPT2, plus a LAN that is assigned to our private network for management.

If what I'm trying to do isn't possible with PfSense, or if I need a plugin (none installed currently) to accomplish it, I'd just like to know that too.

Thanks in advance!

-- 
Steven G. Spencer, Network Administrator
KSC Corporate - The Kelly Supply Family of Companies
Office 308-382-8764 Ext. 231
Mobile 308-380-7957
