How can I tell pfSense that a certain gateway can also be used as default gateway?



  • How can I route back through a tunnel while still maintaining access to the subnets in the tunnel and without adding NAT?

    For example: a main network is connected to a remote site through a tunnel; both sides can reach each other's subnets without problems but clients on any given network. To leverage the additional public IP address, resources are published on the remote network but, unless there's a second network adapter on the hosts themselves, routing back will fail because the main firewall will block reply attempts because they are asymmetrically routed.

    [image: adding routes through remote network.png]

    Basically I want to make the tunnel network, or what lies ahead of it a second WAN without policy-routing it while maintaining access to its subnets which are on the RFC1918 space.

    Is this possible?

    Thanks for your help. :)


  • LAYER 8 Global Moderator

    Yeah, you would have to source NAT for that to ever work. Since you don't know what the source IP would be, how could you route it back to the remote site? So you have to source NAT the traffic as it goes over to the main resource, so it sends the answer back to the remote site pfSense to go back to the internet via that public IP.
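    The rules below are an added illustration of the approach described in this reply, written in the pf syntax that pfSense generates underneath its GUI; they are not taken from the thread or from pfSense's own configuration. Interface names, the documentation-range public IP and the RFC1918 subnets are placeholders chosen for the example. They belong on the remote-site pfSense, the one that owns the extra public IP: the port forward publishes the main-site server, the source NAT rewrites only that forwarded traffic as it enters the tunnel, and the `no nat` rule keeps ordinary site-to-site traffic untranslated so both LANs still see each other's real addresses.

```pf
# Added example, not from the forum post. All names and addresses are assumed.

# Interfaces and addresses on the remote-site pfSense (assumptions)
wan_if     = "em0"            # remote site's WAN, holds the extra public IP
tun_if     = "ovpns1"         # tunnel interface toward the main site
wan_pub    = "203.0.113.10"   # placeholder public IP (documentation range)
main_host  = "10.10.0.50"     # server on the main site's LAN, reached via the tunnel
remote_lan = "10.20.0.0/24"   # remote site's LAN
main_lan   = "10.10.0.0/24"   # main site's LAN

# pf evaluates nat/rdr rules first-match, so the exemption must come first:
# normal LAN-to-LAN traffic over the tunnel keeps its real RFC1918 source.
no nat on $tun_if inet from $remote_lan to $main_lan

# Port forward: publish the main-site server on the remote public IP.
rdr on $wan_if inet proto tcp from any to $wan_pub port 443 -> $main_host port 443

# Source NAT only for traffic headed to the published host as it enters the
# tunnel. The main-site server now sees the tunnel address of this firewall
# as the client, so its reply is routed back into the tunnel instead of out
# the main site's default gateway, which is what caused the asymmetric drops.
nat on $tun_if inet from any to $main_host -> ($tun_if)
```

    The matching `pass` rules on WAN and on the tunnel interface are omitted; in pfSense these come from the port-forward's associated firewall rule and the tunnel interface's rules. One visibility cost to note: the main-site server and its logs will record the tunnel address as the client for all published traffic, so any per-client logging, rate limiting or alerting for that service has to happen on the remote-site pfSense, where the original source address is still visible.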



  • You just made it make sense.

    I had been going over and over about going around the default route but I kept coming up with nothing because traffic was going to the Internet (AKA the default route), therefore it had to take the default route to get there. It made no sense. ☹

    Thanks a million for your help!

