Routing and gateways and VPN, oh my



  • I have two pretty bog standard /24 networks connected with an IPSec VPN, 192.168.44.0/24 and 192.168.45.0/24. Traffic flows just fine between them and all is good.

    Except to the Exchange server on the .44.0 network. The Exchange server in question is multihomed, and has the default GW on an external IP. It also has an internal NIC, on the .44.0/24 network, but the default route is to the external IP/network.

    The internal NIC is used for internal clients - your Outlook and the like, also SMTP for our internal devices (multifunction printers and whatnot).

    This works great for clients that are on the .44.0/24 obviously, but nothing on the remote .45.0/24 can reach it.

    However, everything on the remote .45.0/24 can reach everything else on the .44.0/24 where the default GW is set to the pfSense - the exception being this machine that has no static GW set.

    I'm a bit fuzzy on the whole static routing stuff, so could someone help me sort out where changes need to occur? One or both of the pfSenses or should I add static routes to the Exchange server itself?

    The usual process is to add a gateway, a route and then a firewall rule or so I gather, but what happens when it's over a VPN?



  • Just set a static route for 192.168.45.0/24 on the Exchange pointing to pfSense:

    route add -p 192.168.45.0 mask 255.255.255.0 <gateway>

    Replace "<gateway>" with the LAN IP of pfSense within 192.168.44.0/24.
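The same fix carried through on the Exchange server with the NetTCPIP cmdlets, including a before/after check of which interface Windows actually selects for the remote subnet. This is an added example, not from the reply above; the pfSense LAN address (192.168.44.1), the interface alias of the internal NIC ("Internal") and the remote test host (192.168.45.10) are assumed values to be replaced with the real ones.

```powershell
# Added example, not part of the original thread. Assumed values:
#   pfSense LAN address on the .44 network        : 192.168.44.1
#   Alias of the Exchange server's internal NIC   : "Internal"
#   A host on the remote .45 network to test with : 192.168.45.10
$PfSenseLan   = "192.168.44.1"
$InternalNic  = "Internal"
$RemoteSubnet = "192.168.45.0/24"
$RemoteHost   = "192.168.45.10"

# 1. Before the change: which route does Windows pick for the remote host?
#    With only the default route present, this shows the external NIC and
#    the external gateway, which is why replies to .45 clients never come back
#    through the VPN.
Find-NetRoute -RemoteIPAddress $RemoteHost |
    Where-Object { $_.DestinationPrefix } |
    Select-Object InterfaceAlias, DestinationPrefix, NextHop

# 2. Add the route. New-NetRoute writes to both the active and the persistent
#    store by default, so it survives a reboot (same effect as "route add -p").
New-NetRoute -DestinationPrefix $RemoteSubnet `
             -InterfaceAlias $InternalNic `
             -NextHop $PfSenseLan `
             -RouteMetric 1

# 3. Confirm the route is installed and is now the one selected for .45 hosts
#    (InterfaceAlias should be the internal NIC, NextHop the pfSense LAN IP).
Get-NetRoute -DestinationPrefix $RemoteSubnet -AddressFamily IPv4
Find-NetRoute -RemoteIPAddress $RemoteHost |
    Where-Object { $_.DestinationPrefix } |
    Select-Object InterfaceAlias, DestinationPrefix, NextHop

# 4. Reachability check from the server's side. A TCP test against a port the
#    remote host listens on is more telling than ICMP, which firewalls often drop;
#    SourceAddress shows the internal NIC address was used.
Test-NetConnection -ComputerName $RemoteHost -Port 445 |
    Select-Object RemoteAddress, SourceAddress, TcpTestSucceeded

# To undo the change:
# Remove-NetRoute -DestinationPrefix $RemoteSubnet -NextHop $PfSenseLan -Confirm:$false
```

Run this in an elevated PowerShell session on the Exchange server. The step-1 output is the useful diagnostic: on a multihomed host whose default gateway sits on the external NIC, every destination without a more specific route is sent out the internet-facing interface, so the remote subnet needs an explicit route for each internal range that is not directly connected. Nothing changes on the pfSense side as long as the IPsec phase 2 already covers 192.168.44.0/24 and 192.168.45.0/24, which it must, since the other .44 hosts are reachable.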

