Additional Pool in DHCP, MAC address, MultiWAN, and PIA OpenVPN.

  • Hi all,

    Despite the confusing subject line, my problem is pretty simple, except that I don't have the required pfSense knowledge to solve it on my own. I have three WANs: two are set up as load balance/failover, and the third WAN is a standalone WAN that I have set my PIA OpenVPN over. My problem is that I would like a certain IP range (or, even simpler, certain clients) to talk through the OpenVPN via the third WAN gateway, and the rest to talk through the default load balance gateway.

    (WAN1 + WAN2) --> LB Gateway, while WAN1 is the default gateway.
    LAN subnet, DHCP POOL: -

    WAN3 --> PIA OVPN -----> For certain clients
    DHCP Additional Pool: -

    I suppose one way is to assign MAC addresses to the additional pool. But, what would be the best way to approach this problem?


  • You can sort of achieve this by IP-MAC binding, but the best way to do this is to either use a managed switch or VLANs.


  • Hi Ashima,

    Thanks for the reply. As far as my understanding goes, the IP-MAC binding only works when the client IP is outside of the DHCP pool. I tried this before. As for VLANs, I am absolutely clueless (I have to start reading up on it). I want the clients to be able to talk to each other inside the LAN, but shuttle out through the above gateways when connecting to the internet.

    PS. this setup is for home use.

  • You won't see MAC addresses over the VPN in tunnel mode.  You have to use TAP mode.  However, a DHCP server at the remote site could also handle it, with tunnel mode.

  • You can have two DHCP pools, but you cannot tell this client to select from pool A and that client to select from pool B. So give all the clients you want to be in pool B a fixed IP. But remember, if any other client which was supposed to get a DHCP address from pool A fixes its IP to pool B, then it'll be allowed.

    So to avoid this you should either use a managed switch or go for VLANs.

    If you have all wireless devices, then setting up VLANs is quite simple. The only thing then required will be a device which can tag the clients. Most of the APs nowadays come with a VLAN tagging facility.

    If you have desktops, then you have to invest in a managed switch.

    I can help you set up VLANs, in case you decide to do so.
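To catch the case the post above describes (a client fixing its own IP inside the VPN-bound pool), here is an added example that is not from the thread: a Python check that compares a FreeBSD/pfSense `arp -an` snapshot against the static MAC-to-IP mappings for the VPN pool. The pool range, MAC addresses, and ARP lines are constructed sample values, since the thread leaves the real ranges blank.

```python
import ipaddress
import re

# Constructed sample: the LAN range reserved as the "additional pool"
# whose clients are policy-routed out the WAN3/PIA gateway (hypothetical).
VPN_POOL = ipaddress.ip_network("192.168.1.128/26")

# Constructed: MAC -> fixed IP for the clients meant to use that pool.
ALLOWED_VPN_MACS = {
    "aa:bb:cc:00:00:01": "192.168.1.130",
    "aa:bb:cc:00:00:02": "192.168.1.131",
}

# Constructed snapshot in the line format of `arp -an` on FreeBSD/pfSense.
ARP_SNAPSHOT = """\
? (192.168.1.10) at aa:bb:cc:00:00:10 on em1 expires in 1188 seconds [ethernet]
? (192.168.1.130) at aa:bb:cc:00:00:01 on em1 expires in 1190 seconds [ethernet]
? (192.168.1.131) at aa:bb:cc:00:00:02 on em1 expires in 1190 seconds [ethernet]
? (192.168.1.140) at aa:bb:cc:00:00:99 on em1 expires in 1100 seconds [ethernet]
? (192.168.1.20) at (incomplete) on em1 expired [ethernet]
"""

ARP_LINE = re.compile(
    r"\((\d{1,3}(?:\.\d{1,3}){3})\) at ([0-9a-f]{2}(?::[0-9a-f]{2}){5})", re.I
)


def parse_arp(text):
    """Yield (ip, mac) pairs; incomplete entries carry no MAC and are skipped."""
    for line in text.splitlines():
        m = ARP_LINE.search(line)
        if m:
            yield ipaddress.ip_address(m.group(1)), m.group(2).lower()


def find_vpn_pool_violations(arp_text, pool=VPN_POOL, allowed=ALLOWED_VPN_MACS):
    """Return [(ip, mac, reason)] for hosts inside the VPN-bound pool that are
    not the statically mapped clients: an unknown MAC squatting on a pool
    address, or a known MAC seen on an address other than its mapping."""
    findings = []
    for ip, mac in parse_arp(arp_text):
        if ip not in pool:
            continue
        expected = allowed.get(mac)
        if expected is None:
            findings.append((str(ip), mac, "unknown MAC inside VPN pool"))
        elif ipaddress.ip_address(expected) != ip:
            findings.append((str(ip), mac, f"mapped to {expected}, seen at {ip}"))
    return findings


if __name__ == "__main__":
    for ip, mac, reason in find_vpn_pool_violations(ARP_SNAPSHOT):
        print(f"{ip:15} {mac}  {reason}")
```

On a live box, feed it the output of `arp -an` (or the DHCP leases file) from a cron job and alert on any finding; the VLAN or managed-switch approach in the post removes the need for this check entirely.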
