No Internet on second lan
I am running pfsense 2.4.4 release p3
Wan on igb0 connected by PPPoE to openreach VDSL modem 192.168.1.xxx
igb1 and igb2 are bridged and provide internet access using openvpn 192.168.2.xxx
I am trying to set up a second lan on igb4 on 192.168.3.xxx with the aim of providing internet access NOT through VPN.
When I connect a pc to SecondLan, I get local access - I can logon to pfsense and can ping a computer on 192.168.2.xxx but no internet access.
Windows 7 troubleshooter reports "Your broadband modem is experiencing connectivity issues" If I connect to igb1 the computer obtains a 192.168.2.xxx address and will connect to the internet.
I can see the dhcp lease in Status/DHCP leases and can see 192.168.3.0 /24 reported in automatic rules Outbound NAT Mode Hybrid. SecondLan is configured to pass all.
I connected a router between WAN port and modem and was able to log into it. This suggested to me that data is being passed through the interfaces.
I am now stumped as my knowledge of pfsense/networking is somewhat less than "sketchy"
Thanks for any assistance
Do you have a Default Allow rule on the igb4 interface? Only the first LAN gets such a rule by default. All other added interfaces have no rules and no access.
I believe so.
Under Firewall/Rules/SecondLan I have
Protocol IPv4 *
Source SecondLan net
Did you modify your outbound NAT rules recently? If your first LAN is working, then usually the extra LANs are a cinch with just the addition of the Default Allow rule.
These are my current (hybrid) outbound nat rules .
The automatic rules have obviously changed by the addition of 192.168.3.0/24
kiokoman last edited by
can you ping 126.96.36.199 from secondlan ? maybe a dns problem?
No I cannot ping 188.8.131.52 from SecondLan.
The address of my WAN is given as 146.xxx.xxx.xxx and I can ping that
I'm not sure what's going wrong here. I will say that I've had a few cases this week where simply deleting everything and starting again fixed several weird problems.
Do you have Don't pull routes checked or unchecked in the purevpn client config?
If it's unchecked, check it.
Well definitely a step forward thank you.
Checking don't pull routes does indeed provide internet access on SecondLan. However the computer on igb1 that should be going through my VPN now displays my public IP address.
Further advice welcome as I am well out of my depth here.
You have two choices:
Disable Don't pull routes and policy route everything you DON'T want to go over the VPN to the WAN Gateway.
Enable Don't pull routes and policy route everything you DO want to go over the VPN to the VPN Gateway.
When you pull routes from a VPN server they usually push a default route to you (actually two routes 0.0.0.0/1 and 184.108.40.206/1 which covers the IPv4 space in two routes.) This means you need to policy route exclusions to that out the WAN.
Gertjan last edited by
I will say that I've had a few cases this week where simply deleting everything
Included the fact that there was an "AP" between OPT and the device - pfSense worked well, it was the AP .....
@DaveB : what is between your OPT interface and your device - just a cable or some box ?
What was the IP the device got using DHCP ?
I believe I am now sorted.
I have left don't pull roots unchecked and in firewall/rules/secondlan advanced options/gateway I chose WAN_PPPoE.
I now have internet connection via VPN on igb1 and igb2 and connection not through VPN on igb4 just as I wanted.
Many thanks for the help