• Hi
    I need to connect two sites using two pfSense boxes and OpenVPN site-to-site with a peer key, but I have one difficulty, as the LAN side is managed by another gateway.

    To summarize, I have:

    SITE A:
    1 TSE SERVER IP : connected to pfSense and using a specific gateway as WAN

    SITE B:

    One LAN connected to a specific gateway (ADSL modem) that I am not allowed to use for routing my VPN.

    Then I added another modem as a second gateway and one pfSense.

    My pfSense has the second gateway as WAN and has its LAN interface connected to the LAN switch as

    I also added a route on the machine:
    route -p add mask

    OpenVPN is up and the machine can connect to the server.

    But I am not able to reach the printer on the LAN side of SITE B from the SERVER.

    From the SERVER I was able to ping (pfSense of SITE B) but not the printer (

    If I try a ping from the pfSense of SITE B with source LAN, the ping works, but if I try a ping from OpenVPN it's not working.

    I suspect that I have to add a route somewhere in the pfSense of Site B, but I am a little bit lost.

    Any advice?

  • I made some progress and I think I found the issue, but I don't know how to resolve it.

    From my point of view, when the server in site A ( sends a packet to the printer in site B (192.168.5.), the packet arrives at the printer, but when the printer wants to respond, the printer contacts its gateway 192.168.5.254 and not the pfSense (

    I am quite sure that I have to work with Firewall/NAT/Outbound and I saw some notes on it,

    but I tried and it's not working.

    I am probably not creating the rule correctly.

    What I did:

    In pfSense Site B
    Firewall > NAT > Outbound
    Mark "Hybrid rule generation" and hit save.

    Then add this rule:

    interface = LAN
    Protocol = any
    Source = Network (the VPN tunnel between site A and B)
    Destination = any
    Translation = Interface address

    I also performed a packet capture on the LAN interface and I saw ICMP coming from > but I don't know if NAT is working.

  • The source network in the rule has to be the LAN of site A in your case, since it is a site-to-site.
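
Why the rule's source network decides whether the printer's reply comes back, as an added example that is not part of the original thread. All addresses except the 192.168.5.x prefix and the 192.168.5.254 gateway are constructed assumptions, since the thread elides them.

```python
import ipaddress as ip

# Constructed addressing (assumptions; the thread elides most addresses).
SITE_A_LAN = ip.ip_network("192.168.1.0/24")   # assumed LAN of site A
TUNNEL_NET = ip.ip_network("10.0.8.0/24")      # assumed OpenVPN tunnel network
SITE_B_LAN = ip.ip_network("192.168.5.0/24")   # site B LAN prefix seen in the thread
PRINTER_GW = ip.ip_address("192.168.5.254")    # printer's default gateway (ADSL modem)
PFSENSE_B_LAN = ip.ip_address("192.168.5.1")   # assumed pfSense LAN address at site B
SERVER = ip.ip_address("192.168.1.10")         # assumed server address at site A


def outbound_nat(src, rule_source_net):
    """Source the printer sees after the LAN outbound NAT rule on pfSense B."""
    # "Translation = Interface address": matching sources become the LAN IP.
    return PFSENSE_B_LAN if src in rule_source_net else src


def reply_next_hop(reply_dst):
    """Next hop the printer picks: on-link delivery or its default gateway."""
    return reply_dst if reply_dst in SITE_B_LAN else PRINTER_GW


def reply_returns_via_pfsense(rule_source_net):
    """True when the printer's reply is handed back to pfSense B."""
    seen_src = outbound_nat(SERVER, rule_source_net)
    return reply_next_hop(seen_src) == PFSENSE_B_LAN


if __name__ == "__main__":
    for name, net in (("tunnel network", TUNNEL_NET), ("site A LAN", SITE_A_LAN)):
        ok = reply_returns_via_pfsense(net)
        print(f"rule source = {name:14} -> reply via pfSense: {ok}")
```

With the rule in place the printer sees every site A client as the pfSense LAN address, so per-client source addresses no longer appear on the site B side.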

  • Thank you very much, you saved my day ;)

    I worked on it for a few hours now and the solution was in fact very simple.
