Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    2 pfsense devices -> BT Openreach Modem

    Scheduled Pinned Locked Moved Problems Installing or Upgrading pfSense Software
    6 Posts 4 Posters 526 Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • T
      templateunheard
      last edited by

      This post is deleted!
      1 Reply Last reply Reply Quote 0
      • A
        akuma1x
        last edited by akuma1x

        What exactly are you trying to do here?

        For example - double your internet speed or setup redundancy, have 2 separate and distinct LAN networks behind 2 separate pfsense boxes, host some servers or services out to the internet (game servers, file servers, etc.), or what? Tell us what you're trying to do.

        Is this a SINGLE modem to 2 different pfsense boxes? If so, and you're trying to do one of the things mentioned above, you would get your ISP to route you multiple public facing IP addresses so you can do server stuff (see above) with these connections. If that's what you're doing, that can all be done with 1 WAN connection on 1 pfsense box.

        So, long story short... please tell us what you're trying to do.

        Jeff

        T 1 Reply Last reply Reply Quote 0
        • T
          templateunheard @akuma1x
          last edited by

          @akuma1x Thanks for the reply, suprisingly nice.

          Basically I'm looking to have 2 seperate networks as I've had trouble with having these groups of devices on a single device. I'm also going to lock down and restrict the traffic of the second device as it only needs to meet a specific purpose.

          Yes, my main goal would be the have the second pfsense device connected to the first (main) device as it would go through another VPN connection and have an IPS on it however I can set up two using 1 openreach modem if needed. Basically, in order, here's how I want my network to function:

          Network 1:
          Computer -> pfsense inner device -> IPS -> OpenVPN -> pfsense outer device -> IPS -> OpenVPN -> Openreach Modem -> Internet

          Network 2:
          pfsense main device -> IPS -> OpenVPN -> Openreach Modem -> Internet
          pfsense secondary device -> IPS -> OpenVPN -> Openreach Modem -> Internet

          1 Reply Last reply Reply Quote 0
          • NogBadTheBadN
            NogBadTheBad
            last edited by NogBadTheBad

            1 pfSense router with vlans on the lan interface and a switch that supports vlans.

            I highly doubt than you’ll get 2 different Ip addresses from the modem.

            You can route different vlans via different VPN’s that terminate on the same WAN interface.

            Andy

            1 x Netgate SG-4860 - 3 x Linksys LGS308P - 1 x Aruba InstantOn AP22

            T 1 Reply Last reply Reply Quote 0
            • T
              templateunheard @NogBadTheBad
              last edited by

              @NogBadTheBad I understand that. I don't want 2 seperate IP's from that WAN device, I want both to access the same IP and use it, my need is that there be 2 pfsense devices. That's what I'm trying to achieve.

              1 Reply Last reply Reply Quote 0
              • stephenw10S
                stephenw10 Netgate Administrator
                last edited by stephenw10

                Have you unlocked the modem or replaced it's firmware? The second Ethernet port is not normally active on Openreach modems.

                Is it still running in modem mode?
                The only way you could connect two pfSense devices to the modem is if it's running as a router. In the default modem mode you use a PPPoE session from pfSense and you can't create two PPPoE sessions.

                You should use just one pfSense box behind the modem connected via PPPoE and have two subnets on separate interfaces behind that. You can that have them fully isolated or allow connectivity between them as required.

                Steve

                1 Reply Last reply Reply Quote 0
                • First post
                  Last post
                Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.