Netgate Discussion Forum

    Layer 3 switch to pfsense

    Routing and Multi WAN

    • wolfgangbucher

      Hi,

      I have a layer 3 switch with a lot of VLANs, addresses 10.30.x.x/24.
      The switch has IP 10.30.3.254.

      pfSense has 10.30.3.1.

      Internet from all hosts works fine, but I also have an IPsec tunnel to network 10.40.0.0/16.
      The tunnel is up and I can ping from 10.40.x.x to 10.20.3.254, but all other networks I cannot reach. From the pfSense LAN interface I can reach all networks.

      I have added a static route 10.40.0.0/16 gw 10.30.3.254.

      Can anybody help me?

      Thanks
      Wolfgang


      • JeGr (LAYER 8 Moderator)

        Why have you added

        I have added a static route 10.40.0.0/16 gw 10.30.3.254.

        and routed it to the switch instead of pfSense? Also, I don't understand how those 10.30.x.x/24 networks are set up. Do they all have the switch .3.254 as their default gateway (or the switch's corresponding gateway IP in that subnet), or is pfSense the gateway in every 10.30.x network?

        Also, how is your phase 2 IPsec on pfSense defined? 10.40.0.0/16 is the remote location. Did you use 10.30.0.0/16 as the local network so the other side can reach all 10.30.x networks?
        Do your firewall rules match that?

        If your switch on the 10.30.x.x network segment is the default GW for every VLAN, then it needs a route for 10.40.0.0/16 pointing to pfSense on 10.30.3.1 so it can direct the traffic the right way to its VPN gateway.

        Greets

        Don't forget to upvote 👍 those who kindly offered their time and brainpower to help you!

        If you're interested, I'm available to discuss details of German-speaking paid support (for companies) if needed.


        • wolfgangbucher

          Hello,
          thanks for the reply.

          All networks on the L3 switch have gateways 10.30.x.254/24, and all traffic for unknown nets is routed to the default GW 10.30.3.1/24.

          The tunnel is created with P2 10.30.0.0/16 and 10.40.0.0/16.

          I think the firewall rules are ok.

          Thanks

          Wolfgang


          • JeGr (LAYER 8 Moderator)

            @wolfgangbucher said in Layer 3 switch to pfsense:

            All networks on the L3 switch have gateways 10.30.x.254/24, and all traffic for unknown nets is routed to the default GW 10.30.3.1/24.

            OK, if all 10.30.x.y networks have their gateway on 10.30.x.254 and this is the switch you were talking about, then your switch needs the 10.40.0.0/16 rule to route it to pfSense.


            • wolfgangbucher

              Hi,
              I found the mistake: it was a misconfigured tunnel. I had "LAN net" as the source, changed it to 10.30.0.0/16, and now it's working.

              Thanks for spending the time.

              Cheers

              Wolfgang

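The two points the thread turns on, JeGr's remark that the switch must send 10.40.0.0/16 towards pfSense and Wolfgang's finding that the Phase 2 local selector had to be 10.30.0.0/16 rather than "LAN net", can be checked by walking a packet through the two routing tables and the IPsec SPD. The script below is an added example, not code from the thread or from Netgate; it models policy-based IPsec as "an SPD match on pfSense wins over the routing table" and assumes addresses the thread does not give: a host 10.30.5.10 on VLAN 5, a remote host 10.40.1.20, an extra VLAN 10, and a pfSense route for 10.30.0.0/16 via 10.30.3.254 (implied by pfSense reaching every network). The switch tables without a default route are hypothetical and only illustrate JeGr's point.

```python
import ipaddress

# Constructed model of the thread's topology (added example, not from the
# thread). Addresses the thread does not state are assumptions: a host on
# VLAN 5 (10.30.5.10), a remote host (10.40.1.20), an extra VLAN 10, and a
# pfSense route for 10.30.0.0/16 back via the switch (implied by the OP
# saying pfSense can reach every network).
net = ipaddress.ip_network
addr = ipaddress.ip_address

PFSENSE_LAN = "10.30.3.1"      # pfSense LAN address (from the thread)
SWITCH_VLAN3 = "10.30.3.254"   # switch address on the transit VLAN (from the thread)
OWNER = {PFSENSE_LAN: "pfsense", SWITCH_VLAN3: "switch"}  # device behind each next hop

# Layer 3 switch: every 10.30.x.0/24 is connected, unknown nets go to pfSense.
SWITCH = [(net(f"10.30.{v}.0/24"), "connected") for v in (3, 5, 10)]
SWITCH += [(net("0.0.0.0/0"), PFSENSE_LAN)]
SWITCH_NO_DEFAULT = SWITCH[:-1]                                   # hypothetical
SWITCH_SPECIFIC = SWITCH_NO_DEFAULT + [(net("10.40.0.0/16"), PFSENSE_LAN)]

# pfSense: transit VLAN connected, the other VLANs via the switch, default to WAN.
PFSENSE = [(net("10.30.3.0/24"), "connected"),
           (net("10.30.0.0/16"), SWITCH_VLAN3),
           (net("0.0.0.0/0"), "wan")]
# The static route from the first post, pointing 10.40/16 back at the switch.
PFSENSE_WRONG = PFSENSE + [(net("10.40.0.0/16"), SWITCH_VLAN3)]

REMOTE = net("10.40.0.0/16")
P2_LAN_NET = [(net("10.30.3.0/24"), REMOTE)]  # Phase 2 with "LAN net" as local
P2_FIXED = [(net("10.30.0.0/16"), REMOTE)]    # Phase 2 after the fix


def lookup(routes, dst):
    """Longest-prefix match over (prefix, next-hop) pairs, as a FIB does."""
    d = addr(dst)
    best = None
    for prefix, nexthop in routes:
        if d in prefix and (best is None or prefix.prefixlen > best[0].prefixlen):
            best = (prefix, nexthop)
    return best[1] if best else None


def spd_match(phase2, src, dst):
    """Policy-based IPsec: a packet is tunnelled only if src lies inside a
    Phase 2 local selector and dst inside that entry's remote selector."""
    s, d = addr(src), addr(dst)
    return any(s in local and d in remote for local, remote in phase2)


def trace(src, dst, tables, phase2, start, max_hops=8):
    """Follow a packet device by device. The last element is the outcome:
    'ipsec' (encapsulated into the tunnel), 'delivered' (connected subnet),
    'wan', 'unroutable', or 'loop' when it keeps bouncing between devices.
    An SPD match on pfSense takes precedence over its routing table, which
    is the effective behaviour of policy-based IPsec."""
    outcome = {"connected": "delivered", "wan": "wan", None: "unroutable"}
    here, path = start, []
    for _ in range(max_hops):
        path.append(here)
        if here == "pfsense" and spd_match(phase2, src, dst):
            return path + ["ipsec"]
        nh = lookup(tables[here], dst)
        if nh in outcome:
            return path + [outcome[nh]]
        here = OWNER[nh]
    return path + ["loop"]


def inbound(src, dst, tables, phase2):
    """Packet arriving from the tunnel: pfSense accepts it only if the
    mirrored selector (remote -> local) matches, then forwards it on the LAN."""
    mirrored = [(remote, local) for local, remote in phase2]
    if not spd_match(mirrored, src, dst):
        return ["pfsense", "dropped-by-spd"]
    return trace(src, dst, tables, [], "pfsense")


def scenarios():
    """The thread's situations, each as the path a packet takes."""
    wrong = {"switch": SWITCH, "pfsense": PFSENSE_WRONG}
    fixed = {"switch": SWITCH, "pfsense": PFSENSE}
    return {
        # First post: VLAN 5 host to the remote site misses the P2 selector,
        # hits the static route back to the switch, and loops.
        "lan_net_out": trace("10.30.5.10", "10.40.1.20", wrong, P2_LAN_NET, "switch"),
        # ...while the switch's transit address is reachable from the remote site.
        "lan_net_in_vlan3": inbound("10.40.1.20", "10.30.3.254", wrong, P2_LAN_NET),
        "lan_net_in_vlan5": inbound("10.40.1.20", "10.30.5.10", wrong, P2_LAN_NET),
        # Last post: local selector widened to 10.30.0.0/16.
        "fixed_out": trace("10.30.5.10", "10.40.1.20", fixed, P2_FIXED, "switch"),
        "fixed_in_vlan5": inbound("10.40.1.20", "10.30.5.10", fixed, P2_FIXED),
        # JeGr's point: a switch without a default to pfSense needs an explicit
        # 10.40.0.0/16 route towards 10.30.3.1 (hypothetical tables).
        "no_route": trace("10.30.5.10", "10.40.1.20",
                          {"switch": SWITCH_NO_DEFAULT, "pfsense": PFSENSE}, P2_FIXED, "switch"),
        "specific_route": trace("10.30.5.10", "10.40.1.20",
                                {"switch": SWITCH_SPECIFIC, "pfsense": PFSENSE}, P2_FIXED, "switch"),
    }


if __name__ == "__main__":
    for name, path in scenarios().items():
        print(f"{name:18s} {' -> '.join(path)}")
```

Running it shows why the symptom in the first post looked like a routing problem: with "LAN net" as the local selector, 10.30.3.254 is still reachable from the remote side (it sits inside 10.30.3.0/24), while traffic from any other VLAN never matches the SPD, falls through to the static route back to the switch, and ping-pongs between the two devices. Widening the selector makes the static route irrelevant; the switch's default towards 10.30.3.1 already does what JeGr described.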
              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.