[kwlug-help] Openvpn assistance request.

Paul Nijjar paul_nijjar at yahoo.ca
Fri Aug 19 19:43:36 EDT 2011

On Fri, Aug 19, 2011 at 06:49:30PM -0400, Chamunks Arkturus wrote:
> >
> > Would running pfsense in a vm on that machine be practicable?
> The issue I have with this Ubuntu/Minecraft server is that it's just a thin
> client running some low powered intel processor.

> I do happen to have a box slotted to be used as a PFSense box and I
> even believe it has it installed to a CF-IDE card just waiting for
> me to install it into the network but I'm hesitant to need to run
> another computer but with my aforementioned routing setup it could
> work well as such.

I agree that running a second box just for a firewall is kind of a
waste. There are cute boxes like the ALIX boards that will do this
without using much electricity or heat, but then you are dropping
another $120 for a router. (pfSense is being migrated to MIPS, but I
think it is not ready yet.) 

> First portion handles my MLPPP
> > Dsl-Link1---WRT1 (WAN Port-Vlan1)
> > Dsl-Link2---WRT1 (LAN Port1-Vlan1)
> > WRT1(Vlan1)---PFSense (Red Port)

This much looks good. 

> >
> Second Portion Handles my LAN
> > PFSense(Green Port)---WRT1 (Lan Port2-Vlan2)
> > WRT1(Vlan2-Wifi-Cat5-Ports[3/4])---Rest of home network

I don't think this needs to be so complicated. Why don't you just
connect the Green Port (LAN) of pfSense to a dumb switch rather than
trying to feed it back into your router? You can do that if you want,
but unless you don't have another switch someplace I would not bother
with this complexity. 

But yes, I think this could work. We have a setup at work that is
pretty similar to this: we have a Bell DSL modem/firewall which gives
a DHCP address to our pfSense box, and the pfSense box is connected to
the rest of the network. OpenVPN is running on the pfSense box (but it
is a client, not a server, so we are not port-forwarding anything). 

Another option is to ditch Tomato and go with pfSense directly. Some
people have gotten MLPPP to work on pfSense, but it is a hack. See: 


for a good starting point for the state of the art. I figure that
customizing pfSense for this could be tricky, though.

Are people connecting to your Minecraft server now? If so what are
they doing?

- Paul


