It's a while since I touched a Nexus switch with VRFs.

Shouldn't you have the following under the interfaces :-

ip vrf forwarding VRF_NAME

Also what's the HSRP and EIGRP commands doing there with a single switch, was there some config on the switch when you got it?

Firewall rules maybe ?

Firewall on the local clients ?

Do a packet capture the far end Diagnostics -> Packet Capture, is traffic flowing down the tunnel.

I don't actually use OpenVPN, just putting some ideas out there.

Thanks for your help Johnpoz, I'll investigate on this way (state table) to see if i can solve the problem ….

why are Aliases so unloved by the PfSense guru, where this feature has been touted as one of the strengths of PfSense, and what is the negative impact of their use?

Does PfBlocker NG derogate from this malaise with its Aliases hijacked features?

Thank you in advance for your answers.

The set-up is possible though, but the routes make zero sense.

@DemoNIck:

where:
for the WAN interface under pfSense:
General Settings:
IPv4 Configuration Type: Static IPv4
Static IPv4 Configuration: 10.0.0.254/24
IPv4 Upstream gateway: NONE
Reserved Networks/Block private networks and loopback addresses: NO
Block bogon networks: NO

Enter the ISP routers internal IP 10.0.0.1 as upstream gateway here.

@DemoNIck:

for the routing under pfSense:
System/Routing/Gateways/ADD:
Interface: WAN
Gateway: 10.0.0.1
Default Gateway: YES

The gateway is set automatically if you enter the IP in the WAN interface settings, as above.

@DemoNIck:

System/Routing/Static Routes/ADD
Destination Network: 192.168.254.0/24
Gateway: WAN

System/Routing/Static Routes/ADD
Destination Network: 10.0.0.0/24
Gateway: WAN

Why want you add routes for networks which are connected to pfSense directly? That's absurd.

@DemoNIck:

for the routing under my ISP's MODEM/ROUTER:
#route add -net 10.0.0.0/24 192.168.254.1

The same here.

On the IPS router forward the whole traffic to the pfSense WAN IP.

other factors are just examples….

thanks!

will try to create "load balancing"

is there a good HOWTO for that?
I have a freebsd decicated server on the internet… and pfSense...

The more information you share that is relevant..  The less you will have to pay for someone else to do it for you.  ;)

OMG, I am a friggin idiot.  when I copied the rules LAN 1 had, I copied them to the T.  I just needed to change the source from LAN net, to LAN2 net.  im such a moron hah.  Everything is working golden now.

https://doc.pfsense.org/index.php/Connectivity_Troubleshooting

crystalball.png
crystalball.png_thumb

They will configure the sonicwall on there end i just need to make sure that pfsense is routing correctly on my end

I'm not sure I understand your problem. Your switches can ping 8.8.8.8 so indeed they can talk to the outside world. What is what does not work? Regular hosts plugged onto those switches are the ones that can't?

Also, why all ports on all switches are set up as trunks? Shouldn't you have at least some access ports where you plug in your hosts?

This is dpinger logging parameters at startup. Nothing to be concerned about.

The Monitor ping seemed to do the trick.  Thank you for all of the help!

Yes. You may also realize that by a VLAN on your existing LAN cable. But if the vpn server has a LAN IP request from vpn clients to LAN devices will be sent directly to the the devices, while the LAN devices will sent their responses to the default gateway.

In addition you also need to add a route to the vpn server for the LAN network pointing to pfSense, of course.

Another way to resolve that is to add an static route for the vpn tunnel to each LAN device you want have access.

@everyone

I would like to thank you all for your advice and it was great advice.

I was able to achieve my goal and remove the Cisco switch. @heper's suggestion, I put the /29 network as the WAN address and since I already had the /24 as VIPs, everything worked like a charm.  Thank you for guiding me!  Tomorrow morning, I am heading to my satellite office and putting in another pfsense box with a ipsec site to site vpn. I can now have uniformity between my 2 offices (already got that working in my test lab!  :) ).

Thank you all for your help!

When you do a normal MLPPP connection on the router your DSL modems in bridge mode..  ( I used Zoom 5615 and 5715 models which are bridge only) you have an interface for each modem.  The interfaces can be set up with maintenance IP's or left without.

Then you set up a PPP      /interfaces_ppps.php    and use the ctrl key as you choose all the interfaces where your modems reside.  Fill in you user name and password.

I believe this is what your talking about…    I no longer use this setup as Im on a bonded circuit now at the shop but still have some info around.

mlppp.jpg
mlppp.jpg_thumb

@twinzco:

I have solved the issue.
You can see a link here: https://forum.pfsense.org/index.php?topic=105644.0
Just modified Data Payload from 0 to 1. And everything works fine!

Resolved my issue as well.