Multiple LANs + VPN and Static Routes

  • Hello everyone,

    I've made a testing configuration on a pfSense 1.2.2 box with one WAN interface and two LAN interfaces. One of the LANs ( is the servers LAN (only servers and other equipment) and the other LAN is for office users ( Also, I've set up a VPN server on the pfSense box (PPTP), using the subnet.
    We are also accessing other networks through IP addresses on the LAN side; for example, we are accessing through, through and through and some others.

    I've found out that it is required to set up an interface for the static route rule on pfSense, and as normal, the static route only works for traffic coming from that interface. I've set it up for the backbone interface and I can only ping those networks from the servers, not from the offices. When I tried to add the same static route for other interfaces, pfSense told me that the destination is already defined. Also, I didn't find out where to set the metric for the route, because there is a need for static routes that overlap other defined subnets (for example, which overlaps

    These are my problems. We are currently using a Zyxel ZyWALL 35 UTM with DMZ (servers) and LAN (office users), which is working fine with these static routes: through, metric 10 through metric 10 through, metric 20 through metric 10 through metric 20

    Please, help me if you can…
    Thank you!

  • Same problem...

    Site A (pfsense 1.2.3)
    LAN 192.168.1.x
    OPT1 192.168.40.x

    SITE B (pfsense 1.2.3)
    LAN 192.168.2.x

    Rules on IPSEC = all permitted
    rules on OPT1 = all permitted

    From site B, if I try a tracert to a Site A LAN host, it's OK (site B gw, site A gw, host).
    From site B, if I try a tracert to a Site A OPT1 host (192.168.40.x), it's KO (site B gw, WAN gw, somewhere on the internet, KO).

    Do you have any idea?

  • I didn't really read the original post, but IPsec does not follow the route table. You'll need a second tunnel set between Site B and Site A using the OPT1 subnet.

  • Rebel Alliance Developer Netgate

    Or use OpenVPN in shared-key mode for the site-to-site tunnel and route whatever you want using its custom options (it does obey the routing table)
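To make the two replies above concrete, here is an added example (not from the thread or from pfSense itself) that models the two lookups involved: a static-route table resolved by longest-prefix match with metric as the tie-breaker, and a policy-based IPsec phase 2 selector list that is consulted before routing. All subnets, gateways and metrics are constructed placeholders, since the thread's own addresses were lost; the Site B phase 2 pair and the 192.168.40.x OPT1 subnet reproduce the tracert result described above.

```python
import ipaddress

# Constructed sample data: the thread's real addresses are missing, so these
# destinations, gateways and metrics are placeholders in ZyWALL-style form.
SITE_B_ROUTES = [
    # (destination, gateway, metric)
    ("0.0.0.0/0",      "203.0.113.1",   10),  # default route via WAN gateway
    ("192.168.2.0/24", "192.168.2.1",    0),  # local LAN
    ("10.0.0.0/8",     "192.168.2.254", 20),  # broad route, higher metric
    ("10.0.0.0/8",     "192.168.2.253", 10),  # same prefix, lower metric wins
    ("10.1.0.0/16",    "192.168.2.252", 20),  # longer prefix beats any metric
]

# Policy-based IPsec: a phase 2 selector pair (local, remote), not a route,
# decides which packets enter the tunnel. Only LAN<->LAN is defined here.
SITE_B_PHASE2 = [("192.168.2.0/24", "192.168.1.0/24")]


def lookup_route(routes, dst):
    """Longest-prefix match; ties broken by lowest metric. Returns the gateway."""
    addr = ipaddress.ip_address(dst)
    best = None
    for prefix, gw, metric in routes:
        net = ipaddress.ip_network(prefix)
        if addr in net:
            key = (-net.prefixlen, metric)  # longer prefix first, then lower metric
            if best is None or key < best[0]:
                best = (key, gw)
    return best[1] if best else None


def ipsec_next_hop(phase2, routes, src, dst):
    """Return 'ipsec' if a phase 2 selector matches src->dst; otherwise the
    packet never sees the tunnel and goes to the routed gateway."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for local, remote in phase2:
        if s in ipaddress.ip_network(local) and d in ipaddress.ip_network(remote):
            return "ipsec"
    return lookup_route(routes, dst)


if __name__ == "__main__":
    # LAN->LAN is tunnelled; LAN->OPT1 leaks to the WAN gateway, as in the tracert
    print(ipsec_next_hop(SITE_B_PHASE2, SITE_B_ROUTES, "192.168.2.10", "192.168.1.10"))
    print(ipsec_next_hop(SITE_B_PHASE2, SITE_B_ROUTES, "192.168.2.10", "192.168.40.10"))
    # Adding a second phase 2 for the OPT1 subnet is the fix the reply describes
    fixed = SITE_B_PHASE2 + [("192.168.2.0/24", "192.168.40.0/24")]
    print(ipsec_next_hop(fixed, SITE_B_ROUTES, "192.168.2.10", "192.168.40.10"))
```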
