Secondary subnet not able to access pfSense on LAN interface (DNS service)

  • Hi,
    I have a setup with 2 routers.
    pfSense is connected to the internet router on the WAN interface and to the internal LAN on the LAN interface.
    LAN subnet is

    I have a client on the subnet, I'm able to https to pfSense ( and use pfSense as the DNS resolver

    But I have another router which is used for VPN access.
    VPN clients get an IP on the subnet

    They can reach the machines on the LAN subnet, but can't access the pfSense box (https/dns/ping).

    My main issue is that I want them to use the DNS of pfSense.
    If I point my VPN clients to another DNS on the LAN subnet it works, but this is the legacy DNS I want to replace with pfSense.

    So the question is: how can I access pfSense on the LAN interface from a different secondary subnet?

    I have allowed any to access ports 443 and 53 on the LAN interface.

    I also have set in System / Advanced / Firewall & NAT:
    Static route filtering: [X] Bypass firewall rules for traffic on the same interface

    Thank you for your help

  • Add a static route for pointing to the other router.

  • Thank you it solved my issue.
    I'm surprised my legacy DNS server didn't need the static route as well.

  • Me too. Maybe you have replaced the other router by pfSense, but the legacy DNS server still uses the old router as gateway?

  • You are right!
    Thank you.
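To illustrate why the static route fixes this and why the legacy DNS server was unaffected (the two points raised in the answers above), here is an added example, not code from the thread or from pfSense, that models the routing decision pfSense makes when it replies to a VPN client. All addresses are constructed placeholders, since the thread does not give the real subnets.

```python
import ipaddress

# Constructed placeholder addressing (the thread elides the real subnets).
LAN_NET = ipaddress.ip_network("192.168.1.0/24")   # pfSense LAN
VPN_NET = ipaddress.ip_network("10.8.0.0/24")      # VPN client pool behind the other router
WAN_GW = "203.0.113.1"                             # internet router (pfSense default gateway)
VPN_ROUTER = "192.168.1.2"                         # the second router's LAN-side address


def base_routes():
    """pfSense routing table before the fix: default route plus the connected LAN."""
    return [
        (ipaddress.ip_network("0.0.0.0/0"), WAN_GW, "WAN"),
        (LAN_NET, None, "LAN"),   # directly connected, no gateway
    ]


def routes_with_static():
    """Same table after adding the static route for the VPN subnet via the other router."""
    return base_routes() + [(VPN_NET, VPN_ROUTER, "LAN")]


def lookup(routes, dst):
    """Longest-prefix match: return (network, gateway, interface) for dst."""
    best = None
    for net, gw, iface in routes:
        if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, gw, iface)
    return best


def diagnose(routes, client_ip, ingress="LAN"):
    """Where does the reply to a DNS/HTTPS/ping request from client_ip leave pfSense?

    The request always arrives on LAN (forwarded by the VPN router). If the
    reply is routed out a different interface, the path is asymmetric: the
    reply heads for the internet router and never reaches the VPN client.
    """
    _, gw, egress = lookup(routes, ipaddress.ip_address(client_ip))
    if egress != ingress:
        return f"asymmetric: request in on {ingress}, reply out on {egress} via {gw}"
    return f"ok: reply out on {egress} via {gw or 'direct'}"


if __name__ == "__main__":
    print("without static route:", diagnose(base_routes(), "10.8.0.10"))
    print("with static route:   ", diagnose(routes_with_static(), "10.8.0.10"))
    print("LAN client:          ", diagnose(routes_with_static(), "192.168.1.50"))
```

The legacy DNS server would pass the same check without any static route only if its own default gateway is still the VPN router, which is exactly the explanation offered in the thread.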