Firewall rule to allow local traffic from pfsense to ipsec tunnels



  • I have a pfsense box at a branch office that has been running well for months. It terminates 2 IPsec tunnels, one to our HQ and one to Azure. I have 2 DNS servers, one in Azure and 1 at our HQ. I use DHCP to hand out the addresses of the DNS servers to branch office clients. When a client sends a DNS request it traverses the VPN and generally works very well.

    How do I create a firewall rule that allows traffic from the pfsense box itself to access the DNS servers? I have configured the DNS servers on the firewall, but they don't seem to be reachable. When I use the diagnostic ping utility I'm unable to ping the DNS server unless I set the source address to be the LAN interface.

    Any help would be greatly appreciated!