[kwlug-help] Openvpn assistance request.
paul_nijjar at yahoo.ca
Fri Aug 19 19:43:36 EDT 2011
On Fri, Aug 19, 2011 at 06:49:30PM -0400, Chamunks Arkturus wrote:
> > Would running pfsense in a vm on that machine be practicable?
> The issue I have with this Ubuntu/Minecraft server is that its just a thin
> client running some low powered intel processor.
> I do happen to have a box slotted to be used as a PFSense box and I
> even believe it has it installed to a CF-IDE card just waiting for
> me to install it into the network but I'm hesitant to need to run
> another computer but with my aforementioned routing setup it could
> work well as such.
I agree that running a second box just for a firewall is kind of a
waste. There are cute boxes like the ALIX boards that will do this
without using much electricity or heat, but then you are dropping
another $120 for a router. (pfSense is being migrated to MIPS, but I
think it is not ready yet.)
> First portion handles my MLPPP
> > Dsl-Link1---WRT1 (WAN Port-Vlan1)
> > Dsl-Link2---WRT1 (LAN Port1-Vlan1)
> > WRT1(Vlan1)---PFSense (Red Port)
This much looks good.
> Second Portion Handles my LAN
> > PFSense(Green Port)---WRT1 (Lan Port2-Vlan2)
> > WRT1(Vlan2-Wifi-Cat5-Ports[3/4])---Rest of home network
I don't think this needs to be so complicated. Why don't you just
connect the Green Port (LAN) of pfSense to a dumb switch rather than
trying to feed it back into your router? You can do that if you want,
but unless you don't have another switch someplace I would not bother
with this complexity.
But yes, I think this could work. We have a setup at work that is
pretty similar to this: we have a Bell DSL modem/firewall which gives
a DHCP address to our pfSense box, and the pfSense box is connected to
the rest of the network. OpenVPN is running on the pfSense box (but it
is a client, not a server, so we are not port-forwarding anything).
Another option is to ditch Tomato and go with pfSense directly. Some
people have gotten MLPPP to work on pfSense, but it is a hack. See:
for a good starting point for the state of the art. I figure that
customizing pfSense for this could be tricky, though.
Are people connecting to your Minecraft server now? If so what are
More information about the kwlug-help