Secondary subnet not able to access pfSense on LAN interface (DNS service)


  • Hi,
    I have a setup with 2 routers.
    pfSense is connected to the internet router on the WAN interface and to the internal LAN on the LAN interface.
    LAN subnet is 192.168.192.0/24

    I have a client on the 192.168.192.0/24 subnet. I'm able to https to pfSense (192.168.192.100) and use pfSense as the DNS resolver.

    But I have another router which is used for VPN access.
    VPN clients get an IP on the 192.168.0.0/24 subnet.

    They can reach the machines on the LAN subnet, but can't access the pfSense box (https/dns/ping).

    My main issue is that I want them to use the DNS of pfSense.
    If I point my VPN clients to another DNS on the LAN subnet it works, but this is the legacy DNS I want to replace with pfSense.

    So the question is: how can I access pfSense on the LAN interface from a different secondary subnet?

    I have allowed any to access ports 443 and 53 on the LAN interface.

    I have also set, in System / Advanced / Firewall & NAT:
    Static route filtering: [X] Bypass firewall rules for traffic on the same interface

    Thank you for your help


  • Add a static route for 192.168.0.0/24 pointing to the other router.


  • Thank you, it solved my issue.
    I'm surprised my legacy DNS server didn't need the static route as well.


  • Me too. Maybe you have replaced the other router with pfSense, but the legacy DNS server still uses the old router as gateway?


  • You are right!
    Thank you.
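
Added example, not part of the original thread: a longest-prefix-match model of the return path for replies to a VPN client, showing why pfSense needed the static route for 192.168.0.0/24 while the legacy DNS server did not. The VPN router's LAN address, pfSense's WAN gateway, the sample client and the interface name `eth0` are assumptions, as is the legacy server's default gateway being the VPN router itself.

```python
import ipaddress

# Subnets are from the thread. The two gateway addresses below are
# assumptions (the thread does not give them).
LAN = "192.168.192.0/24"
VPN_NET = "192.168.0.0/24"
VPN_ROUTER_LAN_IP = "192.168.192.254"  # hypothetical LAN-side IP of the VPN router
PFSENSE_WAN_GW = "203.0.113.1"         # hypothetical upstream gateway on WAN
VPN_CLIENT = "192.168.0.50"            # constructed sample VPN client


def next_hop(routes, dst):
    """Longest-prefix match: return (interface, gateway) used to reach dst.

    gateway is None when dst is on a directly connected network.
    """
    addr = ipaddress.ip_address(dst)
    matches = [(ipaddress.ip_network(net), iface, gw)
               for net, iface, gw in routes
               if addr in ipaddress.ip_network(net)]
    if not matches:
        raise LookupError(f"no route to {dst}")
    _, iface, gw = max(matches, key=lambda m: m[0].prefixlen)
    return iface, gw


# pfSense as first described: connected LAN plus a default route via WAN.
pfsense_before = [(LAN, "LAN", None), ("0.0.0.0/0", "WAN", PFSENSE_WAN_GW)]
# pfSense after the fix: static route for the VPN subnet via the other router.
pfsense_after = pfsense_before + [(VPN_NET, "LAN", VPN_ROUTER_LAN_IP)]
# Legacy DNS host: its default gateway is assumed to be the VPN router,
# so its replies reach the VPN subnet without any extra route.
legacy_dns = [(LAN, "eth0", None), ("0.0.0.0/0", "eth0", VPN_ROUTER_LAN_IP)]


def reply_paths(client=VPN_CLIENT):
    """Where each host sends its reply to a request from the VPN client."""
    return {
        "pfsense_before": next_hop(pfsense_before, client),
        "pfsense_after": next_hop(pfsense_after, client),
        "legacy_dns": next_hop(legacy_dns, client),
    }


if __name__ == "__main__":
    for host, (iface, gw) in reply_paths().items():
        print(f"{host:15} reply to {VPN_CLIENT} leaves {iface} via {gw}")
```

Before the fix the request arrives on LAN but the reply leaves on WAN, so the VPN client never sees it. The firewall rules on the LAN interface were not the cause.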