Set static route but can't port forward
-
I do this too. Have a remote site with fiber (Cisco router) and an ADSL into a pfSense for out-of-band access. For a couple of hosts there we place static routes to all RFC1918 addresses back to pfSense (instead of the default gateway) so we can ssh directly to them over OpenVPN.
So if the fiber goes down we can ssh into something on the subnet and work FROM THERE.
IP routing just doesn't work like you want it to without an active routing protocol like OSPF on ALL INTERFACES on the subnet. And even that won't solve your asymmetric routing problem unless you use OSPF to swing the DEFAULT ROUTE from tmg to pfSense for the entire subnet - or at least the destination host in question.
You might also be able to do something with outbound NAT so, to other hosts on the subnet, connections would appear to come from the pfSense interface on the subnet making routing the return traffic out-of-scope.
Usually in an outage I'm just happy to be able to get in at all. Even if I have to chain a couple ssh sessions.
-
So create a host (Linux or Windows machine) on the same LAN as the pfSense FW and give the host the pfSense gateway, or the gateway of the VLAN switch?
-
To accomplish what?
-
You said "for a couple of hosts" and I thought you meant you put a couple of PCs on the same subnet as pfSense.
What did you mean by hosts then?
-
Tell your switch to route traffic from 172.16.8.100 to pfSense instead of the default gateway and it will work.
Put a host on the 10.10.20.0 subnet with pfSense as its default gateway and it will work.
But you will then have other issues like traffic from the subject host to other local assets.
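Added example, not code from any poster in this thread: a small longest-prefix-match routing table in Python showing why a host with only tmg as default gateway replies asymmetrically to a client arriving via pfSense, how the RFC1918 static routes from the first reply fix that, and the "other local assets" side effect this post warns about. The thread gives 172.16.8.100 and the 10.10.20.0 subnet but no gateway IPs, so the tmg, pfSense and client addresses below are constructed placeholders.

```python
import ipaddress

# Addresses from the thread: subject host 172.16.8.100 and the 10.10.20.0 subnet.
# The thread names "tmg" and "pfSense" as gateways but not their IPs, so the
# gateway addresses and the client address are constructed placeholders.
HOST = "172.16.8.100"
TMG_GW = "172.16.8.1"       # assumed: tmg, the subnet's default gateway
PFSENSE_GW = "172.16.8.2"   # assumed: pfSense interface on the same subnet
VPN_CLIENT = "10.10.20.50"  # assumed: a client reaching the host via pfSense

def build_table(routes):
    """routes: (prefix, gateway) pairs; gateway None means directly connected."""
    return [(ipaddress.ip_network(prefix), gw) for prefix, gw in routes]

def next_hop(table, dst):
    """Longest-prefix match, the same rule a host's kernel applies."""
    addr = ipaddress.ip_address(dst)
    candidates = [(net, gw) for net, gw in table if addr in net]
    if not candidates:
        raise ValueError(f"no route to {dst}")
    net, gw = max(candidates, key=lambda entry: entry[0].prefixlen)
    return gw or "direct"

# Configuration A: the host only has its default gateway (tmg).
DEFAULT_ONLY = build_table([
    ("172.16.8.0/24", None),
    ("0.0.0.0/0", TMG_GW),
])

# Configuration B: static routes for every RFC1918 range point back to pfSense,
# as in the first reply; the default route still goes to tmg.
RFC1918_VIA_PFSENSE = build_table([
    ("172.16.8.0/24", None),
    ("10.0.0.0/8", PFSENSE_GW),
    ("172.16.0.0/12", PFSENSE_GW),
    ("192.168.0.0/16", PFSENSE_GW),
    ("0.0.0.0/0", TMG_GW),
])

def reply_is_symmetric(table, client, inbound_gw=PFSENSE_GW):
    """True when the host's reply to `client` leaves via the gateway it arrived from."""
    return next_hop(table, client) == inbound_gw

if __name__ == "__main__":
    for name, table in (("default only", DEFAULT_ONLY), ("RFC1918 via pfSense", RFC1918_VIA_PFSENSE)):
        print(f"{name}: reply to {VPN_CLIENT} -> {next_hop(table, VPN_CLIENT)}, "
              f"symmetric={reply_is_symmetric(table, VPN_CLIENT)}")
    # Side effect: another internal subnet behind tmg (constructed 192.168.50.10)
    # is now also sent to pfSense instead of the default gateway.
    print("192.168.50.10 via:", next_hop(RFC1918_VIA_PFSENSE, "192.168.50.10"))
```

Internet destinations still leave via tmg in both tables; only private ranges are pulled toward pfSense, which is exactly what makes other RFC1918 subnets behind tmg an issue.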
-
Thanks all for everyone's replies, really appreciate it, thank you.
Rob
-
As I have enabled the OpenVPN server on my pfSense FW and I can remotely VPN in to it, I can access the remote LAN but obviously not the other networks, as the static routes don't work.
I was wondering: if I build a host on the same network, i.e. a Linux machine, and make that machine use pfSense as the gateway, and on the Linux machine add static routes to the other network,
if I install OpenVPN server on that Linux machine, will it manage to access the other networks as well, or just its LAN network?
-
I can't tell squat from "same network" (same network as what) or "that linux machine."
IP addresses, subnets, and routes. That's all that we need to try to help you. Specifics.
What, exactly, are you trying to accomplish?
OpenVPN is extremely flexible - especially with assigned interfaces, but it's still subject to IP routing rules.
-
Using this I can RDP/SSH etc. into 172.26.45.100 from 192.168.223.100 and look at the entire network from behind the router if the Metro-E fails.
-
Same network, I mean same network as the pfSense FW, its local network.
And then on the Linux machine I install OpenVPN server and it will be able to talk to the other networks, as I will add the static routes to the other networks on the Linux machine.