Pfsense reading wrong ip address in system logs
-
If pfSense sees the computer as 192.168.1.150 whereas it realy has 10.10.10.212 than your OpenWRT makes NAT for it.
Why do you try to bypass this computer from VPN on pfSense? Just set a static route on OpenWRT to direct its traffic to WAN.
-
Yea I know, but I'm curious as to why pfsense is doing this.
What i'm confused if openwrt is making a nat, how can pfsense see it in the first place with arp?
I can ping 10.10.10.212 from pfsense -
It's not pfSense doing anything like this. You are double-NATing.
-
Dude your drawing shows both wan and lan of pfsense plugged into ports on the router running openwrt switch ports? WTF???
-
Nice loop… the whole setup makes a lot of "sense"... Keep getting amazed every day what kind of complete BS are people able to invent.
-
Look the lan rules, wan network as your source in your lan rules?
Sometimes I just at a complete lack of words to how people think this through… When would that rule come into play???
-
Dude your drawing shows both wan and lan of pfsense plugged into ports on the router running openwrt switch ports? WTF???
The ports are vlan'd on openwrt.
The lan port of pfsense plugs back into openwrt, and I have openwrt set that the computers go through that interface.
-
Look the lan rules, wan network as your source in your lan rules?
Sometimes I just at a complete lack of words to how people think this through… When would that rule come into play???
The first firewall lan rule?
wan isn't the source, it's the gateway the connection should go through. -
Nice loop… the whole setup makes a lot of "sense"... Keep getting amazed every day what kind of complete BS are people able to invent.
You realize I can just toss the setup away at any time right?
I just want to know why pfsense reads the ip in the system logs as 192.168.1.150 when I can ping 10.10.10.212 from pfsense and the other way around.The whole reason the setup is like this is because the wndr3700 supports vlan tagging. It also supports multiple gateways with mwan3. The problem is if I had openwrt connect to the vpn server I can only get around 20megabits even with the cpu overclocked to 800mhz. So I just hooked up pfsense behind it and used that for the vpn processing.
I could just get rid of the wndr3700, but the ipv6 implementation works a lot better than pfsense by default for Comcast users. There's a large thread on dslreports about that.
EDIT: I got it, I just had to disable ip masquerading on openwrt.
You guys could have mentioned that instead of bashing btw -
You realize I can just toss the setup away at any time right?
Yes, so do it… yesterday was too late.
EDIT: I got it, I just had to disable ip masquerading on openwrt.
You guys could have mentioned that instead of bashing btwYou have been told at least twice that you are double-NATing.
