Netgate Discussion Forum

    How can I tell pfSense that a certain gateway can also be used as default gateway?

    • senseivita

      How can I route back through a tunnel while still maintaining access to the subnets in the tunnel and without adding NAT?

      For example: a main network is connected to a remote site through a tunnel, both sides can reach each other's subnets without problems but clients on any given network. To leverage the additional public IP address, resources are published on the remote network but, unless there's a second network adapter on the hosts themselves, routing back will fail because the main firewall will block reply attempts because they are asymmetrically routed.

      Basically I want to make the tunnel network, or what lies ahead of it a second WAN without policy-routing it while maintaining access to its subnets which are on the RFC1918 space.

      Is this possible?

      Thanks for your help. :)

      Missing something? Word endings, maybe? I included a free puzzle in this msg if you solv--okay, I'm lying. It's dyslexia, makes me do that, sorry! Just finish the word; they're rarely misspelled, just incomplete. Yeah-yeah-I know. Same thing.

      • johnpoz LAYER 8 Global Moderator

        Yeah you would have to source nat for that to ever work.. Since you don't know what the source IP would be, how could you route it back to the remote site? So you have to source nat the traffic as it goes over to the main resource - so it sends the answer back to the remote site pfSense to go back to the internet via that public IP.

        An intelligent man is sometimes forced to be drunk to spend time with his fools
        If you get confused: Listen to the Music Play
        Please don't Chat/PM me for help, unless mod related
        SG-4860 24.11 | Lab VMs 2.8, 24.11

        • senseivita

          You just made it make sense.

          I had been going over and over about going around the default route but I kept coming up with nothing because traffic was going to the Internet (AKA the default route), therefore it had to take the default route to get there. It made no sense. ☹️

          Thanks a million for your help!

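A small routing model of the answer given in this thread, as an added example that is not part of the original posts: it shows why the reply leaves via the main site's default route unless the remote firewall source-NATs the forwarded traffic. All addresses, interface names and function names are constructed assumptions.

```python
import ipaddress as ip

# Constructed addressing for illustration (not taken from the thread).
MAIN_ROUTES = [                      # routing table of the main-site firewall
    ("10.10.0.0/24", "lan"),         # main-site LAN holding the published server
    ("10.20.0.0/24", "tunnel"),      # remote site's RFC1918 subnet, via the tunnel
    ("0.0.0.0/0", "main_wan"),       # default route
]
SERVER = "10.10.0.50"                # published host on the main network
REMOTE_FW_TUNNEL_IP = "10.20.0.1"    # remote firewall address inside the routed space
INTERNET_CLIENT = "203.0.113.7"      # documentation-range address, unknown in advance


def egress(dst, routes=MAIN_ROUTES):
    """Longest-prefix match: interface the main firewall picks for dst."""
    addr = ip.ip_address(dst)
    hits = [(ip.ip_network(net), ifc) for net, ifc in routes
            if addr in ip.ip_network(net)]
    return max(hits, key=lambda h: h[0].prefixlen)[1]


def forwarded_packet(client, source_nat):
    """Packet as it arrives at the main site after the remote port forward."""
    # With source NAT the remote firewall rewrites the source to its own
    # tunnel-side address; the server then no longer sees the client's IP.
    src = REMOTE_FW_TUNNEL_IP if source_nat else client
    return {"src": src, "dst": SERVER, "in_if": "tunnel"}


def reply_path(pkt):
    """Return (interface the reply leaves on, whether it matches the inbound path)."""
    out_if = egress(pkt["src"])      # the reply is addressed to the packet's source
    return out_if, out_if == pkt["in_if"]


if __name__ == "__main__":
    for nat in (False, True):
        out_if, symmetric = reply_path(forwarded_packet(INTERNET_CLIENT, nat))
        print(f"source_nat={nat}: reply leaves via {out_if}, symmetric={symmetric}")
    # Tunnel subnets stay reachable either way: a specific route beats the default.
    print("10.20.0.25 ->", egress("10.20.0.25"))
```
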
          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.