VPN pfsense to pfsense to open ports on a ISP that does not allow for any open ports

Last setup and tested: 10-21-2018

Why did I (sesipod) need to do this ?

I need to use this to open ports on my home internet connection. I use a service provider that offers home internet over 4GLTE and they do not allow for Static IP addresses or ports to be opened. So this is the way that I am getting my web servers and plex online to the world.

You can also use this setup if you would like to send all of your home internet traffic over the VPN so that your isp can't see your data.

Before we begin

You are going to need a few things….

  1. A network with pfsense router version 2.4.4
  2. A VPS server with pfsense installed version 2.4.4
  3. About 30 min of time.

I am going to be using a VPS form a provider called VULTR. It costs $3.50 per month and is the best deal for this project.

  • CPU: 1 vCore
  • RAM: 512 MB
  • Storage: 20 GB SSD
  • Bandwidth: 500 GB

The basics

  1. Setup a pfsense to pfsense point to point openvpn connection.
  2. Setup and make sure that the VPS pfsense can ping the home LAN.
  3. Setup the vpn client as a VPN Interface.
  4. Setup the vpn Interface as the primary Gateway.
  5. Setup outbound NAT for LAN so that all devices use the WAN gateway.
  6. Setup outbound NAT for an alias list of devices to use the default (VPN) gateway.
  7. Setup Firewall RULES so that traffic can be directed to the correct location.
  • Here is my VPS ip:
  • Here is my HOME ip:
  • Here is my HOME LAN subnet:
  • This will be the vpn subnet:

Lets get started

Lets get your VPS installed with pfsense.

  1. I am going to pick the location that is closest to me Atlanta.
    • cdn.sesipod.info_sesipod.info_pf-vpn-pf-ports_pg1_pf-vpn-pf-ports-1.jpg
  2. I am going to have the VPS installed with pfsense 2.4.4
    • cdn.sesipod.info_sesipod.info_pf-vpn-pf-ports_pg1_pf-vpn-pf-ports-2.jpg
  3. I am going to select the $3.50 per mont vps this is more than enough bandwidth for me.
    • cdn.sesipod.info_sesipod.info_pf-vpn-pf-ports_pg1_pf-vpn-pf-ports-3.jpg
  4. You can put a host name here for the vps if you wish its optimal & lets deploy the VPS.
    • cdn.sesipod.info_sesipod.info_pf-vpn-pf-ports_pg1_pf-vpn-pf-ports-4.jpg
  5. After a few minutes the VPS should now be installed and ready to use.
    • cdn.sesipod.info_sesipod.info_pf-vpn-pf-ports_pg1_pf-vpn-pf-ports-5.jpg

Now lets setup pfsense as it is not auto installed for you.

  1. In the Vultr management panel click on the 3 dots next to the VPS that you just created and then click on view console. I am going to take the quickest approach to getting it installed so basically press enter all the way through.
    • cdn.sesipod.info_sesipod.info_pf-vpn-pf-ports_pg1_pf-vpn-pf-ports-6.jpg
  2. You should see the following in your console window. Press enter to accept.
    • cdn.sesipod.info_sesipod.info_pf-vpn-pf-ports_pg1_pf-vpn-pf-ports-7.jpg
  3. Press enter to accept.
    • cdn.sesipod.info_sesipod.info_pf-vpn-pf-ports_pg1_pf-vpn-pf-ports-8.jpg
  4. Press enter to accept.
    • cdn.sesipod.info_sesipod.info_pf-vpn-pf-ports_pg1_pf-vpn-pf-ports-9.jpg
  5. Press enter to accept.
    • cdn.sesipod.info_sesipod.info_pf-vpn-pf-ports_pg1_pf-vpn-pf-ports-10.jpg
  6. Wait for the install to complete.
    • cdn.sesipod.info_sesipod.info_pf-vpn-pf-ports_pg1_pf-vpn-pf-ports-11.jpg
  7. Press enter to accept.
    • cdn.sesipod.info_sesipod.info_pf-vpn-pf-ports_pg1_pf-vpn-pf-ports-12.jpg
  8. Press enter to reboot.
    • cdn.sesipod.info_sesipod.info_pf-vpn-pf-ports_pg1_pf-vpn-pf-ports-13.jpg
  9. Now that pfsense is installed you have to remove the ISO form the drive. Back on the Vultr Management panel press the 3 dots and select “server details”
    • cdn.sesipod.info_sesipod.info_pf-vpn-pf-ports_pg1_pf-vpn-pf-ports-14.jpg
  10. Now click on settings.
    • cdn.sesipod.info_sesipod.info_pf-vpn-pf-ports_pg1_pf-vpn-pf-ports-15.jpg
  11. Under settings click on Custom ISO Then click the blue Remove ISO buttion.
    • cdn.sesipod.info_sesipod.info_pf-vpn-pf-ports_pg1_pf-vpn-pf-ports-16.jpg
  12. Press OK the VPS will be rebooted for you.
    • cdn.sesipod.info_sesipod.info_pf-vpn-pf-ports_pg1_pf-vpn-pf-ports-17.jpg
  13. After that lets open the counsel again. In the Vultr management panel click on the 3 dots next to the VPS and then click on view console.
    • cdn.sesipod.info_sesipod.info_pf-vpn-pf-ports_pg1_pf-vpn-pf-ports-6.jpg
  14. You should now end up here after the reboot. - Press N for VLANs setup.
    • cdn.sesipod.info_sesipod.info_pf-vpn-pf-ports_pg1_pf-vpn-pf-ports-18.jpg
  15. Lets select the WAN adapter in my case it was vtnet0 (this may be different for you). Enter it and press ENTER.
    • cdn.sesipod.info_sesipod.info_pf-vpn-pf-ports_pg1_pf-vpn-pf-ports-19.jpg
  16. “Enter the LAN interface” Press ENTER we do not have a LAN adapter and do not need one.
    • cdn.sesipod.info_sesipod.info_pf-vpn-pf-ports_pg1_pf-vpn-pf-ports-20.jpg
  17. “Do you want to proceed?” Enter Y and Press ENTER
    • cdn.sesipod.info_sesipod.info_pf-vpn-pf-ports_pg1_pf-vpn-pf-ports-21.jpg
  18. After everything is complete you should now see the following.
    • cdn.sesipod.info_sesipod.info_pf-vpn-pf-ports_pg1_pf-vpn-pf-ports-22.jpg

You are done with the console you can close it.

Configuring VPS pfsense

We need to now configure pfsense for use. Lets start by opening your web browser and entering the ip in the address bar like so: . I am going to be using google chrome for this part.

  1. Chrome will complain about the page not being secure. This is normal press Advanced Then Proceed to {IP} (unsafe). The reason this is happening is because pfsense is using a self signed certificate.
    • cdn.sesipod.info_sesipod.info_pf-vpn-pf-ports_pg1_pf-vpn-pf-ports-23.jpg
  2. You should be at the login page now. The default username and password will be admin / pfsense.
    • cdn.sesipod.info_sesipod.info_pf-vpn-pf-ports_pg1_pf-vpn-pf-ports-24.jpg
  3. After login you should be here now. Click on Next.
    • cdn.sesipod.info_sesipod.info_pf-vpn-pf-ports_pg1_pf-vpn-pf-ports-25.jpg
  4. Click on Next.
    • cdn.sesipod.info_sesipod.info_pf-vpn-pf-ports_pg1_pf-vpn-pf-ports-26.jpg
  5. Click on Next. (optional) You can choose to make changes here to the Hostname or DNS servers.
    • cdn.sesipod.info_sesipod.info_pf-vpn-pf-ports_pg1_pf-vpn-pf-ports-27.jpg
  6. Chang the time zone the is nearest to your location. Click on Next.
    • cdn.sesipod.info_sesipod.info_pf-vpn-pf-ports_pg1_pf-vpn-pf-ports-28.jpg
  7. Nothing to change here… Click on Next.
    • cdn.sesipod.info_sesipod.info_pf-vpn-pf-ports_pg1_pf-vpn-pf-ports-29.jpg
  8. Change the admin password… Click on Next.
    • cdn.sesipod.info_sesipod.info_pf-vpn-pf-ports_pg1_pf-vpn-pf-ports-30.jpg
  9. Click on Reload.
    • cdn.sesipod.info_sesipod.info_pf-vpn-pf-ports_pg1_pf-vpn-pf-ports-31.jpg
  10. Click on Finish.
    • cdn.sesipod.info_sesipod.info_pf-vpn-pf-ports_pg1_pf-vpn-pf-ports-32.jpg

pfsense is now read for use.

Continued on page 2