Netgate Discussion Forum
    Stretched LAN cannot 'route' to other VLANS

    Routing and Multi WAN
    • cerberus128

      [image: 0_1551804275576_RMS.png]

      My EXISTING and FULLY FUNCTIONING 2 site setup. The Internet is GIG up and down to both sites (Symmetrical) so no worries about BW. The title is my ask. I would like to stretch 192.168.1.0/24 across the sites AND successfully route to the other VLANS on the other site.

      I did 'part' of this already once.

      • I set up em1 as 192.168.1.1/24 on one pfSense (2.4.4), and em1 as 192.168.1.254/24 on the other (also pfSense 2.4.4).
      • I set up an IPsec TAP - Shared Key Server and Client and brought them up successfully.
      • Bridged each em1 to IPsec (on each respective pfSense).
      • I added the necessary rules (to IPsec, and BRIDGE0, etc.).

      Everything worked FINE if I was pinging on that LAN (ping from site 1@192.168.1.3 to 192.168.1.7@site 2 worked perfectly as expected) [and YES, I know ping is L3, not L2, which is what A BRIDGE 'stitches together']. However, I could NOT get to any of the devices (or 'router interfaces' - ..*.1/24) on the VLANS from their respective other side, and I could not figure out how to add a route for them, which I am confident is the issue, but I am not sure what would have been the right answer and/or place to do this. I did NOT add the bridge as an Interface, as even if I did that (and I did, and yes, enabled it), I did not know what IP to give it. But my inkling is: should that have been the router address (192.168.1.1 on site 1 and 192.168.1.254 on site 2)?

      Is this possible to do? Have I come up with a 'logically' possible idea, but physically/realistically it cannot be done? My other thought was that I watched many of the monthly pfSense hangouts and I recall a 'throwaway' comment that one cannot do this with Shared Keys? Do I need to set up an SSL cert for this? Some guidance and suggestions would be most welcome. I am not easily able to look at getting a SG7100 or other devices as I already bought the Protectli that are in use (and I LOVE!). So my budget has mostly been spent already, so while I can appreciate any suggestions like that, it will more than likely not be within my reach for a quick solution.

      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.