Static route for avoid double NAT
-
The red one.
In the yellow you might want to change the source address accordingly.
Also remember, that you have to change the source in the outbound NAT rule on the VPN interface to the new network.
-
@viragomann I would like to tell you a big thanks, now everything start working over VPN! What I have now Asus router in router mode, because want to use QOS , statistic and etc and eliminated double NAT. Thank you my friend))) Tried to make to work this static route a few times without success, now I'm happy)))
-
@viragomann said in Static route for avoid double NAT:
Also remember, that you have to change the source in the outbound NAT rule on the VPN interface to the new network.
That was a point))))
-
@viragomann But in this settings pfSesne firewall will logging this network 192.168.100.0/24 and pfblockerNG will see this network?
-
@Antibiotic
Yes, for pfSense. pfBlocker will not care about networks by default. Just ensure that the ASUS interface is selected in "Outbound Firewall Rules". -
@viragomann Ok)))
-
@viragomann What I do not understand, for example on Asus router DCHP server switched off and me thought that devices connected to Asus router should have IP in range from DCHP of pfSesne router. Let's say 192.168.20.122 can you please explain this? or could be better to leave DCHP server on ASus router ON?
-
@Antibiotic
Pulling an IP from pfSense would only work, if the Asus router supports DHCP relaying. But I don't think, that it has this option.DHCP requests don't pass a router otherwise.
If not, you will have to enable the DHCP server on the router.
Or you set it into AP mode (layer 2 bridge) if possible. In this case you would have to change the rules back to Asus subnet sources. -
@viragomann Ok)))
-
@viragomann I will get back DCHP server on Asus router , but do I need to make ON Advertise router's IP in addition to user-specified DNS
" -
@Antibiotic
No, this would set clients DNS to the routers IP.
As DNS server enter the IP of pfSense, presuming you're running DNS resolver or forwarder. -
@viragomann How better in this config connect router and pfSense ? pfSesne LAN to router WAN or LAN? or doesn't matter? Because me filling very small delays when browsing now! Do not understand the cause of this. Looks like delay in dns resolving
-
@Antibiotic
The wifi is possibly bridged to the LAN ports. So when connecting to the LAN, the wifi clients are in the same L2 with pfSense.
It this is the case you would be able to use the DHCP on pfSense.However, I'm not expecting, that there is a measurable delay, when you connect to its WAN.
-
@viragomann Hello again, everything is working fine. But sometimes have a delay in opening sites, like 1,2 sec delays. Looks like resolving delay. Could you please give a tip, what to check? Here are my settings:
Unbound " network interfaces " also checked all local interfaces as well and " outbound network interfaces " only localhost
