    Multiple LAN's + VPN and Static Routes

      alexandru.ast wrote:

      Hello everyone,

      I've made a testing configuration on a pfSense box 1.2.2 with one WAN interface and two LAN interfaces. One of the LANs (10.60.1.3/24) is the servers LAN (only servers and other equipment) and the other LAN is for office users (192.168.1.1/24). Also, I've set up a VPN server on the pfSense box (PPTP), using the 172.16.237.96/28 subnet.
      We are also accessing other networks through IP addresses on the LAN side; for example, we are accessing 10.0.0.0/8 through 10.60.1.7, 10.241.0.0/16 through 10.60.1.1 and 192.168.0.0/16 through 10.60.1.2, and some others.

      I've found out that it is required to set up an interface for the static route rule on pfSense, and as normal, the static route is only working for things coming from that interface. I've set it up for the backbone interface and I can only ping those networks from the servers, not from the offices. When I tried to add the same static route for other interfaces, pfSense told me that the destination is already defined. Also, I didn't find out where to set up the metric for the route, because there is need for static routes that overlap other subnets defined (for example 10.241.0.0/16, which overlaps 10.0.0.0/8).

      These are my problems. We are now using a Zyxel ZyWALL 35 UTM with DMZ (servers) and LAN (office users), which is working fine with these static routes:

      10.11.11.0/24 through 10.60.1.9, metric 10
      10.241.0.0/16 through 10.60.1.1, metric 10
      10.0.0.0/8 through 10.60.1.7, metric 20
      192.168.0.0/22 through 10.60.1.4, metric 10
      192.168.0.0/16 through 10.60.1.2, metric 20

      Please, help me if you can…
      Thank you!

        __Fox__ wrote:

        Same problem..

        Site A (pfsense 1.2.3)
        LAN 192.168.1.x
        OPT1 192.168.40.x

        SITE B (pfsense 1.2.3)
        LAN 192.168.2.x

        IPSEC TUNNEL from SITE A to SITE B
        Rules on IPSEC = all permitted
        rules on OPT1 = all permitted

        From site B, if I try a tracert to the site A LAN it's OK (site B gw, site A gw, host).
        From site B, if I try a tracert to the site A OPT1 (192.168.40.x) it's KO (site B gw, WAN gw, somewhere in the internet, KO).

        Do you have any idea?

          focalguy wrote:

          I didn't really read the original post but IPSec does not follow the route table. You'll need a second tunnel set between site B and Site A using the OPT1 subnet.

            jimp (Rebel Alliance Developer, Netgate) wrote:

            Or use OpenVPN in shared-key mode for the site-to-site tunnel and route whatever you want using its custom options (it does obey the routing table).

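The two problems in this thread, overlapping static routes in the first post and IPsec traffic that falls out the WAN in the second, can be modelled with a small added example. This is editor-written Python, not code from any poster or from pfSense; the route tables and phase 2 selectors below are constructed from the subnets quoted in the posts, and the WAN next hop is a placeholder. It shows that overlapping prefixes are resolved by longest-prefix match without metrics, that a policy-based IPsec tunnel matches on its phase 2 selectors rather than the route table, and how to list remote subnets no selector covers before traffic for them leaves in the clear.

```python
import ipaddress

# Constructed tables modelled on the two posts above (not copied from any real config).
# Site A static routes from the first post. No metrics: a router picks the longest
# matching prefix first, so 10.241.0.0/16 wins over 10.0.0.0/8 without any metric.
SITE_A_ROUTES = [
    ("10.11.11.0/24", "10.60.1.9"),
    ("10.241.0.0/16", "10.60.1.1"),
    ("10.0.0.0/8", "10.60.1.7"),
    ("192.168.0.0/22", "10.60.1.4"),
    ("192.168.0.0/16", "10.60.1.2"),
    ("0.0.0.0/0", "WAN-GW-PLACEHOLDER"),  # default route; next hop is a placeholder
]
# Site B from the second post: its LAN plus a default route out the WAN.
SITE_B_ROUTES = [("192.168.2.0/24", "connected"), ("0.0.0.0/0", "WAN-GW-PLACEHOLDER")]
# IPsec phase 2 selectors at site B: (local subnet, remote subnet). Only the site A
# LAN is listed; the site A OPT1 subnet (192.168.40.0/24) has no entry.
SITE_B_PHASE2 = [("192.168.2.0/24", "192.168.1.0/24")]


def select_route(dest, routes):
    """Longest-prefix match over a route table; returns (prefix, next_hop) or None."""
    addr = ipaddress.ip_address(dest)
    matches = [(ipaddress.ip_network(p), nh) for p, nh in routes
               if addr in ipaddress.ip_network(p)]
    if not matches:
        return None
    net, nh = max(matches, key=lambda m: m[0].prefixlen)
    return (str(net), nh)


def classify(src, dest, phase2, routes):
    """A packet matching a phase 2 selector is sent through the IPsec tunnel;
    anything else follows the ordinary route table and may leave unencrypted."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dest)
    for local, remote in phase2:
        if s in ipaddress.ip_network(local) and d in ipaddress.ip_network(remote):
            return {"path": "ipsec", "selector": f"{local} <-> {remote}"}
    return {"path": "clear", "route": select_route(dest, routes)}


def uncovered_remotes(phase2, wanted_remotes):
    """Defender check: remote subnets that no phase 2 selector covers."""
    covered = [ipaddress.ip_network(r) for _, r in phase2]
    return [w for w in wanted_remotes
            if not any(ipaddress.ip_network(w).subnet_of(c) for c in covered)]


if __name__ == "__main__":
    print(classify("192.168.2.10", "192.168.40.20", SITE_B_PHASE2, SITE_B_ROUTES))
    print(uncovered_remotes(SITE_B_PHASE2, ["192.168.1.0/24", "192.168.40.0/24"]))
```

Adding a second phase 2 entry for the OPT1 subnet, as focalguy suggests, empties the uncovered list and turns the "clear" result for 192.168.40.x into an "ipsec" one.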
            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.