@steveb53 You could get one of the little GL.iNet travel router boxes. These things allow you to connect to a WAN over a bunch of different ways: smart phone tethering, direct ethernet cable, 3G/4G USB modem, or even over a wifi connection. I use one of these in a pinch, and it works great. There are newer models, with antennas and faster CPU processors, so plenty of options. https://www.amazon.com/GL-iNet-GL-AR750-300Mbps-pre-Installed-Included/dp/B07712LKJM In the manual, here's the specific section on the supported WAN connections. You're looking at using the "repeater" function to be able to get to the community wifi, like you say... https://docs.gl-inet.com/en/3/setup/gl-ar750/internet/

@viragomann Wow that I didn't see coming... what a good and quick fix! Thanks! It is solved.

@vfisher You need also to push the route to the remote IP to the OpenVPN clients, of course. So you have to add "172.31.17.150/32" to the "IPv4 Local Networks" in the server settings. Have you done this already? Also ensure that firewall rules on the VPN interface allow access.

@viragomann i setup outbound NAT, source "This firewall", destination "IP of the radius server", NAT address "CARP WAN IP". when i go into diagnostic to test radius auth, it does not authenticate.

@pgs said in XG-7100: Can't get pppoe to work, any advice?: If one has an explanation why VLAN on the modem must not be set, I'd be pleased. I only know that Vlan7 has to be set in modem OR router - why its not working if its set on both I have no technical explanation - maybe the Deutsche Telekom can answer that ;-) Draytek Advice

@viragomann Didn't know it was this plain simple. Many thanks!

Yes, virtual IPs is the correct way, but this f..k Fritzbox The routes are looking the same... pfSense routes: Destination Gateway Flags Use Mtu Netif default WW.XX.YY.201 UGS 6859567 1500 vtnet0 ... WW.XX.YY.200/29 link#1 U 307660 1500 vtnet0 WW.XX.YY.205 link#1 UHS 188 16384 lo0 ... OPNSense routes: Proto Destination Gateway Flags Use MTU Netif Netif (name) ipv4 default WW.XX.YY.201 UGS NaN 1500 vtnet0 WAN202 ... ipv4 WW.XX.YY.200/29 link#1 U NaN 1500 vtnet0 WAN202 ipv4 WW.XX.YY.202 link#1 UHS NaN 16384 lo0 Loopback ipv4 WW.XX.YY.203 link#2 UHS NaN 16384 lo0 Loopback ipv4 WW.XX.YY.204 link#5 UHS NaN 16384 lo0 Loopback ... I really don`t understand the difference between OPNSense and pfSense in this topic...

@bob-dig said in No routing between local networks: @gueaje Just start over freshly. Will need to find time later, probably over long weekend. Currently can't afford downtime due to work from home.

I also emphasize that all the VPN of the Branches are under the same public IP

Hello Ilyaa, Have you obtained clarification on this issue? I'm also looking into this in CE version 2.6, please give me a light. Thank you

@mcury didn't figure it out still. Our configs are similar, just that I use 1 wireguard instance currently. NAT outbound is different. Another thing I noticed was that when I switch to WAN as default gateway, my IP address uses the public ISP IP address even when wireguard is on. I'll keep digging... If I cant figure out I might switch VPN providers to mullvad...

@nogbadthebad said in Multiple networks on the same VLAN: https://docs.netgate.com/pfsense/en/latest/interfaces/qinq.html Hi @nogbadthebad! Unfortunately, I tried looking into it before setting the whole thing up (with the idea of creating an "overlay" between the hypervisors), but I found reports of it not being possible on my hosting provider. To be honest, I did not try myself (also because I did not want issues with reduced MTU). I sent a ticket to the support, but I'm not feeling lucky about this

While old, in case anyone stumbles upon this, I had to allow the LAN-assigned IP for the Google router as a rule. This allows ALL wifi traffic to the LAN. From there - and for me - I just set the rule to a specific IP and port on the LAN.

@shanev said in Outgoing internet traffic out IPSEC tunnel: There are no floating rules and yes there is a pass rule on the WAN. Like I said it works just fine without the ipsec tunnel. The rule is responsible for the proper routing here, therefor I'm asking holes. To ensure that the rule is applied, enable its logging and check the firewall log. What pfSense version are you on?

@vincentjanv Consider that the traceroute UDP packets may be blocked as mentioned in the GUI. Better to use ICMP for testing. Also possibly your destination devices block access from outside of the subnet they reside by their own firewall. That is the default behavior of Windows and most Linux machines. So maybe you have to allow access from outside by the devices firewalls.

@departy said in Cannot initiate HTTPS connection from any type of VPN: Now question is why LAN (10.10.0.1) could have established connection with 192. What was talking to what - from your routing table your have 3 different networks there attached to your esxi host. Are you overlapping those IPs on the same L2? Do you have multi homed devices (interfaces in more than 1 network)? vmk - those are you vmkernal networks? Why would you have more than 1? I could see putting different vms on a different network. But have never setup esxi with vmkern in more than 1 network.. Multi homing devices is almost always a bad idea ;) Can lead to asymmetrical traffic flow is normally the problem. If you have a completely isolated san that is different.. My nas and pc are multi homed, but only in the sense that they have an isolated network that they can talk to each other at 2.5ge for file movement, a san if you will.