Netgate Discussion Forum
    pfSense to pfSense router with no vpn?

    General pfSense Questions (6 Posts, 3 Posters, 671 Views)
    • canadianllama

      Hi, we have a pf router that serves 10 IPSEC site to site vpns. But one of the sites is in the same building.
      Could we stick a 3rd card in each box and set up some sort of network to bypass the IPSEC vpn and the WAN, and connect directly to it?

      Here's a better example, I guess.
      Site 1 is the local site where we have SHAW MODEM > PFSENSE > LOCAL NETWORK.
      (There are about 10 of these sites)
      Site 2 is also at site 1, but it has SHAW MODEM (its own) > PFSENSE > SERVER.
      IPSEC site to site connects site 1 to site 2.

      Because they are both in the same building, we would like to bypass the IPSEC that is running through the internet and somehow hook these right together.

      The server at Site 2 is accessed by RDP from all the other sites. So we need to connect site 1 and site 2 and then make them talk to each other somehow, even though they are on separate subnets... so maybe an IPSEC but on the local LANs instead of through the internet? Or can we somehow bypass the IPSEC need?

      They are both computers so we can install anything we need into them.

      If anyone has done this please share the love!

      Thank you

      • stephenw10 (Netgate Administrator)

        Sure you can connect them together using a small transport subnet and just add static routes on each side to pass the traffic.

        Steve

        • canadianllama @stephenw10

          @stephenw10 So would I need another NIC in each PC to achieve this? Or can I somehow plug directly LAN to LAN without the DHCPs messing it up (layered switch maybe?)

          • stephenw10 (Netgate Administrator)

            Using a separate NIC at each end would be easiest. You might be able to do it with a VLAN instead if you don't have spare NICs.
            You definitely don't want to just join the two LANs together in one huge layer 2 segment. You would see numerous issues, including two DHCP servers on it.

            Steve

            • chpalmer

              We do this using a /29 and NAT turned off on the interconnect interfaces on two boxes we have. Each box has a spare ethernet port we used. We use the routed package and set up RIP on the units. Works great, as we can reach all the other VPN circuits without complicated setup. All you need to do is build firewall rules on the interconnect interfaces on each side to allow what you want to allow.

              Triggering snowflakes one by one..
              Intel(R) Core(TM) i5-4590T CPU @ 2.00GHz on an M400 WG box.

              • canadianllama @chpalmer
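A worked version of what the two replies above describe (a small transport subnet on a spare NIC, a static route each way, no NAT, and rules on the interconnect interfaces), as an added example that is not from the thread or from pfSense itself. It models the static-route option rather than RIP, all addresses are constructed placeholders, and it assumes the existing IPsec phase 2 between these two sites is disabled so that the policy no longer captures their traffic.

```python
import ipaddress

def plan_interconnect(site1_lan, site2_lan, transport):
    """Give each box an address on the transport subnet, a static route to the
    peer LAN via the peer's address, and the ingress rule for its interconnect
    interface. Overlapping subnets make the routes ambiguous, so refuse them."""
    lan1, lan2 = ipaddress.ip_network(site1_lan), ipaddress.ip_network(site2_lan)
    link = ipaddress.ip_network(transport)
    for a, b in ((lan1, lan2), (lan1, link), (lan2, link)):
        if a.overlaps(b):
            raise ValueError(f"{a} overlaps {b}")
    hosts = list(link.hosts())
    if len(hosts) < 2:
        raise ValueError("transport subnet needs at least two usable addresses")
    ip1, ip2 = hosts[0], hosts[1]  # one address on each box's spare NIC
    def side(my_ip, my_lan, peer_ip, peer_lan):
        return {
            "lan": str(my_lan),
            "interconnect_ip": f"{my_ip}/{link.prefixlen}",
            "outbound_nat": False,  # LAN-to-LAN traffic is routed, never NATed
            "static_routes": [(str(peer_lan), str(peer_ip))],
            # pfSense filters on the interface where traffic enters, so the rule
            # on my interconnect interface passes peer LAN -> my LAN only.
            "rules": [("pass", str(peer_lan), str(my_lan))],
        }
    return {"site1": side(ip1, lan1, ip2, lan2), "site2": side(ip2, lan2, ip1, lan1)}

def routing_table(plan, site, wan_gateway):
    """Constructed table for one box: default via WAN, the LAN and transport
    subnets directly connected, plus the static route from the plan."""
    mine = plan[site]
    link_net = str(ipaddress.ip_interface(mine["interconnect_ip"]).network)
    return [("0.0.0.0/0", wan_gateway), (mine["lan"], "direct"),
            (link_net, "direct"), *mine["static_routes"]]

def next_hop(routes, dst):
    """Longest-prefix match, the same decision the kernel makes: confirms that
    traffic for the peer LAN leaves via the interconnect, not the WAN default."""
    dst, best = ipaddress.ip_address(dst), None
    for net, hop in routes:
        net = ipaddress.ip_network(net)
        if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, hop)
    return best[1] if best else None

if __name__ == "__main__":
    plan = plan_interconnect("192.168.1.0/24", "192.168.2.0/24", "10.0.0.0/29")
    table = routing_table(plan, "site1", "203.0.113.1")
    print(plan["site1"], next_hop(table, "192.168.2.10"))
```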

                @chpalmer Thank you guys, we will be looking into this!!

                Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.