Secondary subnet not able to access pfSense on LAN interface (DNS service)

chris567

Hi,
I have a set with 2 routers.
pfSense is connected to internet router on WAN interface and to internal LAN on LAN interface.
LAN subnet is 192.168.192.0/24

I have a client on the 192.168.192.0/24 subnet, I'm able to https to pfSense (192.168.192.100) and use pfSense as the DNS resolver

But I have another router which is used for vpn access.
vpn clients get an ip on the 192.168.0.0/24 subnet

they can reach the machines on LAN subnet, but can't access the pfSense box (https/dns/ping).

My main issue is that I want them to use the DNS of pfSense.
If I point my vpn clients to another DNS on the LAN subnet it works, but this is the legacy DNS I want to replace with pfsense.

So the question is how can I access pfsense on the LAN interface from a different secondary subnet ?

I have allowed any to access on ports 443, 53 LAN interface

I also have set in System /Advanced /Firewall&NAT
Static route filtering  X Bypass firewall rules for traffic on the same interface

Thank you for your help

viragomann

Add a static route for 192.168.0.0/24 pointing on the other router.

chris567

Thank you it solved my issue.
I'm surprised my legacy DNS server didn't need the static route as well.

viragomann

Me too. Maybe you have replaced the other router by pfSense, but the legacy DNS server still uses the old router as gateway?

chris567

you are right !
Thank you.