Netgate Discussion Forum

    Howto set up "lan to lan"?

    IPsec
    • jahonix

      First get your VPN up 'n running.
      Lots of threads exist in this forum and there are detailed HowTos in the Wiki.

      After you're done with that go to the remote pfSense and at  Services | DHCP relay  specify the IP of the master network's DHCP server. But usually you don't need that with a properly configured pfSense with local DHCP et al. Routing and ruleset should be done by the gateway and not at the clients individually.

      • Guest

        @jahonix:

        First get your VPN up 'n running.
        Lots of threads exist in this forum and there are detailed HowTos in the Wiki.

        After you're done with that go to the remote pfSense and at  Services | DHCP relay  specify the IP of the master network's DHCP server. But usually you don't need that with a properly configured pfSense with local DHCP et al. Routing and ruleset should be done by the gateway and not at the clients individually.

        I just can't find a howto that helps me in the wiki; this is what I found and it doesn't seem to be what I want:
        http://doc.pfsense.org/index.php/VPN_Capability_IPSec

        whooohoo.. got the tunnel running (yeah, I know it's been done before me)

        just trying to get an IP from the internal DHCP server, not doing good atm

        UPDATE1: I'm only getting an IP from the external net on the remote machine when I'm using bridged mode. I tried the DHCP relay but no good, any pointers?

        /F

        • Guest

          Ok, the tunnel is up 'n running, but I don't get the correct IP on the remote location inside (office IP).
          All I've been able to get is either 192.168.x.x (same subnet the internal NIC has) or an IP from the remote location's ISP (same net as the external NIC has)
          or an IP from the remote location's ISP

          Hard to explain, hope this makes any sense to you gurus ;)

          This is what I wanna accomplish:
          office location
          internal ip = trunk or access vlan from what i gather?
          external ip = ip on offices dmz´a

          remote location       
          internal ip = same as at the office
          external ip = what the "unknown" isp gives it

          any ideas or want me to explain more?

          regards /Fredde

          • Guest

            This is starting to bug me.. I'm sure it's a simple thing I've missed, but I can't figure out what.

            I reinstalled the boxes with 1.0.1

            got the tunnel up 'n running
            running one with static and one with DHCP

            I can get from the remote VPN internal net to the static VPN external IP.

            The problem is that I don't get any traffic past the static (main box) VPN machine

            and if I add, say, www.google.com (64.233.183.0/24) to "remote subnet" I'm not able to access that either

            ideas plz

            regards /F

            • GruensFroeschli

              You need to add an advanced outbound NAT rule on your main machine that NATs traffic from your remote subnet out to the internet.

              We do what we must, because we can.

              Asking questions the smart way: http://www.catb.org/esr/faqs/smart-questions.html
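
Why the outbound NAT rule suggested in the reply above restores internet access for the remote subnet, as an added example that is not part of the original thread. All addresses are constructed, the function names are hypothetical, and the first-match rule list is a simplified model of outbound NAT rather than pfSense's own code.

```python
import ipaddress

# Constructed addressing (assumptions, not taken from the thread)
WAN_IP = ipaddress.ip_address("203.0.113.10")        # main box WAN address
OFFICE_LAN = ipaddress.ip_network("192.168.1.0/24")  # LAN behind the main box
REMOTE_LAN = ipaddress.ip_network("192.168.2.0/24")  # LAN behind the remote box

RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Outbound NAT on the main box, expressed as the source networks it translates.
# Before the fix only the main box's own LAN is covered.
RULES_BEFORE = [OFFICE_LAN]
# After the fix: an extra rule whose source is the remote (tunnel) subnet.
RULES_AFTER = [OFFICE_LAN, REMOTE_LAN]


def egress_source(src, nat_sources, wan_ip=WAN_IP):
    """Source address a packet carries when it leaves the main box's WAN.

    A packet whose source matches a NAT rule is rewritten to the WAN
    address; anything else leaves with its original source.
    """
    src = ipaddress.ip_address(src)
    for net in nat_sources:
        if src in net:
            return wan_ip
    return src


def has_return_path(egress):
    """Replies can only be routed back to a non-RFC1918 source address."""
    return not any(egress in net for net in RFC1918)


def unnatted_subnets(tunnel_subnets, nat_sources):
    """Audit helper: tunnel subnets that no outbound NAT rule covers."""
    return [t for t in tunnel_subnets
            if not any(t.subnet_of(n) for n in nat_sources)]


if __name__ == "__main__":
    host = "192.168.2.50"  # constructed client behind the remote box
    for name, rules in (("before", RULES_BEFORE), ("after", RULES_AFTER)):
        out = egress_source(host, rules)
        print(name, out, "return path:", has_return_path(out),
              "uncovered:", unnatted_subnets([REMOTE_LAN], rules))
```
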

              • Guest

                @GruensFroeschli:

                you need to add an advanced outbound NAT rule on your main machine that NAT's traffic from your remote subnet out to the internet.

                Awesome, that worked like a charm.

                Now to the final task for me.. how do I go about it if I want to receive IP addresses from the office DHCP server to the remote VPN box?

                Tried the DHCP relay without success; I'm sure it's something to do with either rules (can't find anything in the logs) or NAT.

                EDIT1: here is a guy at the m0n0wall forum wanting the same thing as me.
                http://forum.m0n0.ch/index.php/topic,12.0.html

                regards /F

                • GruensFroeschli

                  How did you set up the DHCP relay?
                  You have to specify an address on which a DHCP server is actually running.

                  But why do you want to have the DHCP in a different location?
                  If the link goes down your remote clients won't be able to get an IP.
                  Couldn't you just set up a DHCP on your remote pfSense?

                  • Guest

                    @GruensFroeschli:

                    How did you setup the DHCP-relay?
                    You have to specify an address on which actually a DHCP-server is running.

                    but why do you want to have the DHCP in a different location?
                    if the link goes down your remote clients wont be able to get an IP.
                    couldnt you just setup a DHCP on your remote pfSense?

                    Well, the answer is that we don't want the remote boxes to handle the DHCP because then we would tie up several IPs on remote boxes, i.e. we want to make better use of IPs when we have several remote VPNs. It is also required that we run all their traffic through the VPN, hence controlling what they are surfing at and so on.

                    Hope this answers your question.

                    What settings would I have on the remote / main machine to make that setup work?
                    I get it with the DHCP relay, but then what?

                    /F

                    • Guest

                      I also want the possibility to have a Cisco switch at the remote end (with trunk and sharing of IPs from the internal net)

                      Is that possible?

                      /F

                      • Guest

                        I'm not sure what I'm doing wrong here, but I don't get the DHCP relay working over IPsec; is that possible in the first place?

                        Also trying to trunk 2 VLANs from a Cisco without success. I have set up the VLAN and correct tagging (as they come from the Cisco), but I can't get the inside (remote VPN) Cisco working; can't even see info with CDP.

                        How should I set up the trunk port?
                        Should the LAN interface be bridged with the native VLAN from the Cisco and then the second VLAN bridged with LAN?

                        I'd be one happy pfSense user if I could get any of those two scenarios working ;)

                        regards /F

                        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.