esupportsquirrel

Basically I am trying to make my pfsense a transparent firewall but ONLY on the VPN interface. So that pfsense authenticates the VPN connection but once connected to VPN, everything immediately bypasses pfsense and all the VPN user sees is direct connectivity to the internal network as if they were not remote.

Oh, I have a specific plan and NAT isn't an issue (it has been fixed). It's basically because I plan on hosting several servers at home but want my internal network physically segregated (I could do it virtually but defeats many of my intended purposes).

Hi everyone, feel like my posts are all about Networking issues but it's my weak point. So here's the issue: Current Network setup: Internet -> Pfsense (with OpenVPN) -> Unifi USG -> Network I have everything running smoothly and correctly EXCEPT my OpenVPN. I can still connect (I had it previously set up) and properly access devices on the same subnet as the pfsense router BUT I want to forward ALL traffic of anyone who connects via OpenVPN straight on through and allow access to the Unifi USG's internal network. I know it's probably a simple stupid routing rule or something (most likely on the pfsense side) but I haven't figured out how to do it. Any thoughts?

Thanks everyone for the help on this. I managed to get it all figured out and working properly. I was just WAY overthinking it.

I am not sure why I didn't think of this sooner (probably brain needed coffee) but one of my managers was like "oh! you mean a DMZ setup!". This is what I was trying to do, lol. Now I just gotta DO it... Thanks everyone!

Yes, I expect very low traffic. My goals are basically to eventually move from web hosting to internal hosting for the website, which will enable things like being able to do a minecraft server, my personal web server and some other family stuff. I should also say that I run openVPN currently on the pfsense. Not trying to make things overly difficult but I was also trying to do a "Defense in Depth" type strategy. I'm starting to think it'd just be easier to take pfsense out of the equation (the USG costed some money so I at least want to use it) and install OpenVPN on the USG (found some tutorials on that but was hesitant to do so since the current setup works so well). Yes it would be fun to tinker but it's getting a little too complicated of a project, lol.

I thought it would be the best way of doing it. I could be wrong and that may be why I can't wrap my head around how to do it.

Actually I was trying to set it to static...but it might be a better idea to set it to DHCP and turn DHCP on in pfsense too... I want them in line: Internet -> pfsense -> usg -> internal network.

The problem isn't the DHCP or even the switches, it's that I can't wrap my head around how to route from the USG to the pfsense.

I have 1 DHCP that will be serving the inside of the network. My intent is that if pfsense goes down, I lose internet but the internal network will be fully working.

So I should disable NAT on the USG and that should fix the issue?

I have it set as a router. I want it to route all internal network traffic so that if pfsense goes down all I lose is the internet. Perhaps the diagram would help.

Hello everyone, long time viewer but this is my first time on the forums. So I have a Unifi USG and I am trying to put it In-Line with my pfsense gateway (that way I can properly separate home network traffic from disruption if my website is DDoS'd when I get around to moving it in-house). I am aiming to do something like this. ISP Modem | pfsense router | unifi USG / Internal Router | Home Network I can't figure out how to properly configure the USG and pfsense to act well and be accessible. I can get pfsense to work properly for routing OR I can get the USG working properly but I can't do both. Any ideas?