
Question about coming from pfsense to sophos

Hi,
I am wanting to move from pfSense. I have been using it for 2 years, largely without issue, until I wanted to use a NIC to run behind a PIA VPN. I asked the question in the forums, was rather aggressively told it could, and so began my nightmare journey. I spent days trying to do this; I followed a guide from PIA themselves on how to achieve this, only to find it not working as expected and to get barked at by the moderator at pfSense, telling me that PIA and their users are useless, it's all wrong, do it like this, etc. This has gone on for days, with abusive responses to all of my questions, so I have decided to leave pfSense; I am not a network engineer, which is what it appears I am expected to be. When I did actually get it running (from Reddit forums and YouTube videos) I had DNS leaks and the kill switch did nothing.

I currently have the following hardware

Model: HP Gen8 Microserver
M/B: Version - s/n:
BIOS: HP Version J06. Dated: 01/22/2018
CPU: Intel® Core™ i5-3470T CPU @ 2.90GHz
HVM: Enabled
IOMMU: Enabled
Cache: 64 KiB, 512 KiB, 3072 KiB
Memory: 16 GiB DDR3 Single-bit ECC (max. installable capacity 16 GiB)
Network: eth0: 1000 Mbps, full duplex, mtu 1500
eth1: interface down

I also have a 4-port NIC, with a BT modem going into port 1.

LAN network on port 2

UniFi network on port 3

Port 4 I would like to be the VPN network (PIA if possible), with no DNS leaks and a kill switch.

I run Unraid on this server, and pfSense is running as a VM.

Is Sophos right for me? If so, which version? Would I be able to achieve what I am looking to do?

Many Thanks in advance! :-)



  • Hi,

    Welcome to the Community!

    already answered some of your questions; now let's talk about PIA VPN.

    Apparently the main way to connect with PIA VPN is OpenVPN, which won't work with Sophos XG; your best bet, and best practice, would be to create an IPsec tunnel for PIA, which is fully supported by PIA.

    On Sophos XG v18 the process would be standard. First, set up the IPsec tunnel as a Tunnel Interface with all the settings from PIA; you will also need to authenticate as a client with your PIA account. After that, create the new VPN server IP as a gateway for it on Sophos XG. Then you can decide what you want to route over the VPN.

    If you want everything from Port 4 to be sent to PIA, you can create an SD-WAN policy for this, using the PIA VPN as the primary gateway. As for the kill switch: since you're sending all traffic over the PIA gateway, if that gateway goes down, your traffic will go down too.

    For DNS leaks, the same applies as for the kill switch: everything will be routed to the PIA VPN. For something better, you could create a NAT rule and redirect all DNS traffic to the PIA VPN DNS servers.

    I'm sorry, I know this information is pretty vague, but much of it you will learn by doing it.

    Thanks!
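The two properties the reply relies on (all Port 4 traffic leaves via the tunnel, all Port 4 DNS goes to the VPN provider's resolvers) are easy to audit after the fact. The following is an added example, not code from the thread or from Sophos: it checks constructed, simplified flow records (not the real Sophos XG log format) against a placeholder Port 4 subnet, tunnel interface name and resolver IPs.

```python
"""Audit constructed flow records for kill-switch and DNS-leak violations."""
import ipaddress

# Assumptions (constructed placeholders, not values from the thread):
VPN_LAN = ipaddress.ip_network("192.168.4.0/24")   # the Port 4 network
TUNNEL_IFACE = "xfrm1"                               # IPsec tunnel interface
VPN_DNS = {"10.0.0.241", "10.0.0.242"}               # VPN provider resolvers

# Constructed sample: src/dst/dport/out_interface per flow.
SAMPLE_LOG = """\
src=192.168.4.10 dst=10.0.0.241 dport=53 out=xfrm1
src=192.168.4.10 dst=203.0.113.5 dport=443 out=xfrm1
src=192.168.4.11 dst=8.8.8.8 dport=53 out=xfrm1
src=192.168.4.12 dst=198.51.100.7 dport=80 out=Port1
src=192.168.2.5 dst=8.8.8.8 dport=53 out=Port1
"""


def parse_flow(line):
    """Turn one 'key=value ...' record into a dict with typed fields."""
    fields = dict(kv.split("=", 1) for kv in line.split())
    return {
        "src": ipaddress.ip_address(fields["src"]),
        "dst": fields["dst"],
        "dport": int(fields["dport"]),
        "out": fields["out"],
    }


def find_leaks(log_text):
    """Return (kill_switch_violations, dns_leaks) as lists of offending lines.

    Only flows sourced from the VPN LAN are judged; other LANs may legitimately
    use the normal WAN link.
    """
    kill_switch, dns_leaks = [], []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        flow = parse_flow(line)
        if flow["src"] not in VPN_LAN:
            continue
        if flow["out"] != TUNNEL_IFACE:      # left via WAN instead of tunnel
            kill_switch.append(line)
        if flow["dport"] == 53 and flow["dst"] not in VPN_DNS:
            dns_leaks.append(line)           # DNS answered outside the VPN
    return kill_switch, dns_leaks


if __name__ == "__main__":
    ks, dns = find_leaks(SAMPLE_LOG)
    print("kill-switch violations:", ks)
    print("dns leaks:", dns)
```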

  • This is fantastic! Thank you for your great replies! At least you have not made me feel like I am something on the bottom of your shoe, which is what I was unfortunately used to.

    I have just installed Sophos as a VM on one of my Unraid servers but cannot complete the install, as I am currently using the 4-port NIC in pfSense, so I will tackle this tomorrow. Hopefully it won't take too long to configure a usable system so the kids won't go too mad :-)

    Thanks again for your warm replies, I am looking forward to getting going :-)
