Netgate Discussion Forum

    Routing and gateways and VPN, oh my

      KimmoJ

      I have two pretty bog standard /24 networks connected with an IPSec VPN, 192.168.44.0/24 and 192.168.45.0/24. Traffic flows just fine between them and all is good.

      Except to the Exchange server on the .44.0 network. The Exchange server in question is multihomed, and has the default GW on an external IP. It also has an internal NIC, on the .44.0/24 network, but the default route is to the external IP/network.

      The internal NIC is used for internal clients - your Outlook and the like, also SMTP for our internal devices (multifunction printers and whatnot).

      This works great for clients that are on the .44.0/24 obviously, but nothing on the remote .45.0/24 can reach it.

      However, everything on the remote .45.0/24 can reach everything else on the .44.0/24 where the default GW is set to the pfSense - the exception being this machine that has no static GW set.

      I'm a bit fuzzy on the whole static routing stuff, so could someone help me sort out where changes need to occur? One or both of the pfSenses or should I add static routes to the Exchange server itself?

      The usual process is to add a gateway, a route and then a firewall rule or so I gather, but what happens when it's over a VPN?

        viragomann

        Just set a static route for 192.168.45.0/24 on the Exchange pointing to pfSense:

        route add -p 192.168.45.0 mask 255.255.255.0 <gateway>

        Replace "<gateway>" with the LAN IP of pfSense within 192.168.44.0/24.

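An added example, not part of the original posts: a small model of the multihomed server's route lookup, showing why replies to 192.168.45.0/24 leave through the external NIC until the static route from the answer exists. The gateway addresses 203.0.113.1 and 192.168.44.1 and the client addresses are constructed placeholders, not values from the thread.

```python
import ipaddress

# Constructed addresses (assumptions, not from the thread):
#   203.0.113.1  - default gateway on the server's external NIC
#   192.168.44.1 - LAN IP of the local pfSense
EXTERNAL_GW = "203.0.113.1"
PFSENSE_LAN = "192.168.44.1"

def route(prefix, next_hop, interface):
    return (ipaddress.ip_network(prefix), next_hop, interface)

# Routing table of the server as the question describes it: default route on
# the external NIC, internal NIC knows only its directly connected subnet.
BEFORE = [
    route("0.0.0.0/0", EXTERNAL_GW, "external"),
    route("192.168.44.0/24", "on-link", "internal"),
]
# Same table after the persistent static route from the answer is added.
AFTER = BEFORE + [route("192.168.45.0/24", PFSENSE_LAN, "internal")]

def lookup(table, destination):
    """Longest-prefix match: the most specific route containing the address wins.
    Metrics are ignored because no two routes here share a prefix length."""
    addr = ipaddress.ip_address(destination)
    matches = [r for r in table if addr in r[0]]
    if not matches:
        raise LookupError(f"no route to {destination}")
    net, next_hop, interface = max(matches, key=lambda r: r[0].prefixlen)
    return {"prefix": str(net), "next_hop": next_hop, "interface": interface}

def reply_path(table, client):
    """Interface and next hop the server uses to answer a given client."""
    r = lookup(table, client)
    return f"{r['interface']} via {r['next_hop']}"

if __name__ == "__main__":
    for label, table in (("before", BEFORE), ("after", AFTER)):
        for client in ("192.168.44.20", "192.168.45.20"):
            print(f"{label:6} reply to {client}: {reply_path(table, client)}")
```

Before the route is added, the reply to the remote client matches only the default route, so it exits the external interface and never returns through the tunnel.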