VPN outbound gateway on home network to AirVPN

[madmanvep 0]

On my home network, I have a public IP and run a few public services (email server, web, etc). These have no need for AirVPN. On the other hand, all of my client computers I would like to run through AirVPN (laptop when I fire it up, tablets, desktop, etc).

 

I am thinking the easiest way to do this is to set up one box (a virtual machine) running as an alternate gateway on my network that is always connected to AirVPN. I could statically assign addresses and gateways to my servers, but then allow DHCP to route all client traffic through this alternate gateway (and thus through AirVPN).

 

My question, has anyone done this successfully. If so how?

 

I dont want to set up my router to connect to the VPN since I need to have services run through it from my ISPs static IP. I could run just about any flavor of linux or windows to get this to work if someone has a proven method.

 

I found a link to a similar project on the OpenVPN site, but the directions seem to be incomplete. I build three separate VMs trying to get it working, no luck. 

[pfSense_fan 181]

You can do this and more with pfSense... either by following my guide for three or more NIC's or by using selective routing and some creativity with the LAN subnet mask.

 

I have both clear net and VPN connectivity currently using multiple subnets for LAN (clear-net), VPN_LAN, XBOX (clear-net), VOIP (clear-net) and PRINTER (Local access only). I soon will be doing away with the separate subnets for LAN, VPN_LAN and XBOX. I likely will be using a subnet of 192.168.0.1 /18 (/24 is normal) which will give me an internal address range of 191.168.0.1 - 191.168.63.254 on my LAN.

 

Then by creating outbound NAT rules for VPN traffic (lets say 192.168.10.1 /24) and clearnet traffic (say for instance 192.168.11.1 /24) that direct/NAT the outbound traffic to the correct gateway, I can use policy routing in my firewall rules to ensure correct and leak free vpn/clearnet usage.

 

There are a few more steps involved with firewall rules, dhcp server and dns server settings as well as a few system settings but this is the gist of it.

 

This may all sound confusing now, but point is... you can do this quite easily with pfSense. If you use good equipment you will also have the benefits of having no noticeable speed degradation through the VPN, strong network security, and you can even get into using Suricata or Snort if you are up to it.