pfsense are router ONLY
-
I have the above setup :)Basically trying to make pfsense as router so I disabled packet filter and NAT
My goal is to route traffic from 192.168.1.14 to 192.168.62.1
So on R1 I create route for 192.168.62.0 and on pfsense I create GW on 192.168.61.1 interface and then create static route for 192.168.1.0 (all pictures are attached)When I do Wireshark on the 192.168.62.1 I can see the traffic coming from 192.168.1.14 , but it dies on the way back as there is no reply on 192.168.1.14 , However I see packet from 192.168.61.254 to 192.168.62.1 (TTL exceeded in transit). so my guess there is a loop somewhere
here is my setup on pfsense
What do I missing here ?
BTW if I replace pfsense with cisco virtual router or arista it work immediately so the problem is in pfsense configuration
All lab is esxi 6.5 -
why are you creating a gateway to itself?
The default route will get it back to 192.168.1
if you were going to create a static route to 192.168.1 the it would point to 192.168.61.1 - not itself.
-
Not sure I follow you here :)
default route is on the WAN interface and 192.168.1.0 traffic coming from 192.168.61.254 interface.
can you please explain what do I need to do here exactlyThanks
-
Now I got it :)
Thanks for the hint
However if I have 2 routers as failover one 192.168.62.1 and one 192.168.62.2 , how do I setup the route in pfsense so if 192.168.62.1 went down traffic will do to 192.168.62.2 ?Thanks
-
It would never be setup that way... If you had 2 routers upstream you would do it via carp or hsrp setup, ie HA and your router would point to the vip of the HA pair.
If you had 2 different upstream routes to get to the same place then you normally setup some sort of automatic route handling so that the route from r1 would fail when you need to use r2.. Say BGP or EIGRP, etc.
Or you could do it with say a failover group on pfsense I guess. But this would seem a bit nuts if you control the upstream router pair.
-
hmm , other solutions I can point the route to the interface (which I can't in pfsense) and thenR1 and R2 use GARP to announce themselves if one of them got down.
I tried that with Cisco for example and it worked , but not sure how to do it in pfsense since I can't use interface as GW insetead of IP
Thanks -
I would suggest you read
https://docs.netgate.com/pfsense/en/latest/routing/multi-wan.html -
Thanks for all your help , I have been there and trying to make it work :)
