Inter-Vlan Routing Accross VPN
-
I feel really dumb now.. The firewall rules was the only Issue with it not connecting. I'm going to play with the multiple subnets this weekend but it's looking promising. Seems to have much less over head than IPsec does too
-
To error is human… And a little funny when its someone else erroring :D
I feel your pain. I've been there.
For what its worth, you sound wicked smart and fast learner.
-
FYI, this is working great It's been in production for a while now. Great throughput even over TINC VPN
now the only thing I wish I could figure out is how to get Pfsense to do local dns lookup for dhcp client that don't specify a domain, just a hostname.
-
Services > DNS forwarder
Options there don't get you what you want?
-
It works if I do an NSlookup/ping for Computer.localdomain but just computer does not work. if I do the nslookup or ping from pfsense itself it works with just the computer hostname.
-
I wonder if a ubuntu machine with Samba 4.0 set up as a WINs server would help?
-
Oh yeah I fogort how DNS works there :)
I wonder if there is a pre-made WINS Server VM for ESXI lol.
-
Probably - But its stupid easy to make your own and you have demonstrated the ability. I think it would be a piece of cake for you. Just set it up to act as your DC.
-
I only needed DNS to work from Staff Vlans -> Public and not vice versa. Our staff vlan doesn't use pfsense for DHCP/DNS it uses our domain controllers
So what I did was.
Make each pfsense box a different domain so they would be appended different dns suffixes to the hostnames
On the DNS Server on the domain controllers I setup conditional forwarders for Pfsense domain
and In Group Policy Set DNS Suffix Search List to a comma seperated list with our Windows Domain being first and the pfsense domains after. -
That sounds fun… Did it work?
-
It's working great so far. Sadly, if I intergted to sync between DNS Server/Active Directory it fails, but if I put it manually on each of them it works fine.
-
jfinnigan, I have a few setup related questions about tinc.
Under VPN –> Tinc --> Hosts
Should the public key be the same as the one used in the Config section? -
The ones under Hosts should be the public key from the other Hosts you are connecting too, not the same as the public key you configured on that box. (for security all hosts should use different public/private keys)