Can't get traffic from VLAN to internet



  • Hi,
    I have the following setup [image]. The switch is a Juniper EX4300, but I am essentially running it in layer 2 only and have pfSense doing the routing. I have the following rules set up for the interface [image]
    I know I currently am using policy routing, but I have also removed the gateway from the rule, but the effect is the same. I see the machines on the vlan trying to access the internet in the firewall logs, but I can't seem to find where the traffic goes.

    I've found a couple of other threads in the forum, but their suggestion was to add an any-to-any rule to give the VLAN internet access, which resolved those people's issues. Does anyone have any suggestions on what might be wrong?

    Thanks in advance.



  • There are several things that need to be looked at:

    1. Verify VLAN 60 was created on the correct parent interface

    2. ix2 should be trunked to your switch, which looks like it is, but I would verify that it's up and actually operating as a trunk
       a. If you're pruning unused VLANs on the trunk, verify that VLAN 60 is allowed to traverse it.

    3. Is the policy routing rule in place and configured correctly? Looks like it is.

    4. Verify your VPN gateway is online (Status -> Gateways -> Gateways)

    5. Verify there is an outbound NAT in place (and configured correctly) for traffic sourced from VLAN 60 on the VPN interface

    6. Verify there are no old static routes interfering with routing.

    7. Lastly, if you just recently set up the VPN, did you remember to bounce the tunnel after it was assigned to an interface? If not, traffic will not pass until you bounce the service for the tunnel (Status -> Services)



  • Verify there is an outbound NAT in place (and configured correctly) for traffic sourced from VLAN 60 on the VPN interface

    This was the problem. Thank you so much. I feel a little stupid right about now ;-)
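The two checklist items that ended up mattering here (the VLAN being bound to the right parent interface, and an outbound NAT rule existing on the VPN interface for the VLAN's subnet) can both be read straight out of a pfSense config backup. The script below is an added example, not code from pfSense or from either poster: it parses a constructed config.xml fragment whose layout approximates the real `<interfaces>` and `<nat><outbound>` sections (an assumption, so adjust the element names against your own backup), with `ix2.60`, `opt1`, `opt2`, `10.60.0.0/24` and `192.168.1.0/24` all being made-up values standing in for the VLAN device, VLAN interface, VPN interface and subnets. It only audits explicit rules, so a box in automatic outbound NAT mode is reported as uncovered rather than guessed at.

```python
import ipaddress
import xml.etree.ElementTree as ET

# Constructed pfSense-style config fragment (assumption: element layout approximates
# a real config.xml backup). The VLAN has a NAT rule on wan but none on the VPN
# interface opt2, which reproduces the problem described in the thread.
SAMPLE_CONFIG = """<pfsense>
  <interfaces>
    <lan><if>ix1</if><ipaddr>192.168.1.1</ipaddr><subnet>24</subnet></lan>
    <opt1><descr>VLAN60</descr><if>ix2.60</if><ipaddr>10.60.0.1</ipaddr><subnet>24</subnet></opt1>
    <opt2><descr>VPN</descr><if>ovpnc1</if><ipaddr>dhcp</ipaddr></opt2>
  </interfaces>
  <nat>
    <outbound>
      <mode>hybrid</mode>
      <rule>
        <interface>wan</interface>
        <source><network>10.60.0.0/24</network></source>
        <destination><any/></destination>
      </rule>
      <rule>
        <interface>opt2</interface>
        <source><network>lan</network></source>
        <destination><any/></destination>
      </rule>
    </outbound>
  </nat>
</pfsense>
"""


def _iface_network(interfaces, name):
    """Resolve an interface name used as a NAT source (e.g. 'lan') to its ip_network, or None."""
    node = interfaces.find(name) if name else None
    if node is None:
        return None
    addr, bits = node.findtext("ipaddr"), node.findtext("subnet")
    if not addr or not bits or addr in ("dhcp", "pppoe"):
        return None
    return ipaddress.ip_network(f"{addr}/{bits}", strict=False)


def find_vlan_interface(root, parent_if, tag):
    """Checklist step 1: name of the pfSense interface backed by <parent>.<tag>, else None."""
    wanted = f"{parent_if}.{tag}"
    for node in root.find("interfaces"):
        if node.findtext("if") == wanted:
            return node.tag
    return None


def outbound_nat_covers(root, nat_iface, src_cidr):
    """Checklist step 5: True if an enabled explicit outbound NAT rule on nat_iface
    matches traffic sourced from src_cidr. Automatic mode generates rules at runtime
    that are not in the config, so it is treated as 'not verifiable' (False)."""
    src = ipaddress.ip_network(src_cidr)
    outbound = root.find("nat/outbound")
    if outbound is None or outbound.findtext("mode") not in ("manual", "hybrid"):
        return False
    interfaces = root.find("interfaces")
    for rule in outbound.findall("rule"):
        if rule.find("disabled") is not None or rule.findtext("interface") != nat_iface:
            continue
        net_text = rule.findtext("source/network")
        if net_text == "any":
            return True
        if net_text and "/" in net_text:
            rule_net = ipaddress.ip_network(net_text, strict=False)
        else:
            rule_net = _iface_network(interfaces, net_text)
        if rule_net is not None and rule_net.version == src.version and src.subnet_of(rule_net):
            return True
    return False


def audit(config_xml, parent_if, tag, vlan_cidr, vpn_iface):
    """Run the config-readable checklist items and return a list of findings (empty = OK)."""
    root = ET.fromstring(config_xml)
    findings = []
    if find_vlan_interface(root, parent_if, tag) is None:
        findings.append(f"VLAN {tag} is not assigned on parent {parent_if}")
    if not outbound_nat_covers(root, vpn_iface, vlan_cidr):
        findings.append(f"no outbound NAT rule on {vpn_iface} for {vlan_cidr}")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG, "ix2", 60, "10.60.0.0/24", "opt2") or ["config looks consistent"]:
        print(finding)
```

Running it against the sample reports the single finding from this thread, a missing outbound NAT rule on the VPN interface; pointing `audit` at the WAN interface instead returns nothing, which is exactly the asymmetry that makes policy-routed VLAN traffic vanish without any block entry in the firewall log.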

