Inter-Vlan Routing Accross VPN

jfinnigan · Aug 2, 2013, 12:40 AM

I feel really dumb now.. The firewall rules was the only Issue with it not connecting. I'm going to play with the multiple subnets this weekend but it's looking promising. Seems to have much less over head than IPsec does too

kejianshi · Aug 2, 2013, 12:43 AM

To error is human… And a little funny when its someone else erroring :D

I feel your pain. I've been there.

For what its worth, you sound wicked smart and fast learner.

jfinnigan · Sep 24, 2013, 6:41 PM

FYI, this is working great It's been in production for a while now. Great throughput even over TINC VPN

now the only thing I wish I could figure out is how to get Pfsense to do local dns lookup for dhcp client that don't specify a domain, just a hostname.

kejianshi · Sep 24, 2013, 7:21 PM

Services > DNS forwarder

Options there don't get you what you want?

jfinnigan · Sep 24, 2013, 8:19 PM

It works if I do an NSlookup/ping for Computer.localdomain but just computer does not work. if I do the nslookup or ping from pfsense itself it works with just the computer hostname.

kejianshi · Sep 24, 2013, 8:26 PM

I wonder if a ubuntu machine with Samba 4.0 set up as a WINs server would help?

jfinnigan · Sep 24, 2013, 8:45 PM

Oh yeah I fogort how DNS works there :)

I wonder if there is a pre-made WINS Server VM for ESXI lol.

kejianshi · Sep 24, 2013, 8:51 PM

Probably - But its stupid easy to make your own and you have demonstrated the ability. I think it would be a piece of cake for you. Just set it up to act as your DC.

jfinnigan · Sep 25, 2013, 1:33 PM

I only needed DNS to work from Staff Vlans -> Public and not vice versa. Our staff vlan doesn't use pfsense for DHCP/DNS it uses our domain controllers

So what I did was.
Make each pfsense box a different domain so they would be appended different dns suffixes to the hostnames
On the DNS Server on the domain controllers I setup conditional forwarders for Pfsense domain
and In Group Policy Set DNS Suffix Search List to a comma seperated list with our Windows Domain being first and the pfsense domains after.

kejianshi · Sep 25, 2013, 1:39 PM

That sounds fun… Did it work?

jfinnigan · Sep 26, 2013, 8:07 PM

It's working great so far. Sadly, if I intergted to sync between DNS Server/Active Directory it fails, but if I put it manually on each of them it works fine.

thetallkid · Sep 27, 2013, 2:29 PM

jfinnigan, I have a few setup related questions about tinc.

Under VPN –> Tinc --> Hosts
Should the public key be the same as the one used in the Config section?

jfinnigan · Sep 30, 2013, 2:35 PM

The ones under Hosts should be the public key from the other Hosts you are connecting too, not the same as the public key you configured on that box. (for security all hosts should use different public/private keys)