Cannot reach LAN devices through VPN unless gateway is set on every one of them
-
Hi everyone,
I'm trying to use a pfsense firewall for establishing a VPN between our factory and the customer one to connect to PLC and other devices in order to provide remote assistance. The topology is as follows:
However, once I've established the VPN tunnel, I can only reach (ping) devices which I configured with gateway equal to 192.168.1.1.
In the example, I can ping PLC and Panel PC but I cannot ping Point I/O. Aside from the fact that we use a lot of devices and thus setting the gateway on each one of them can take a lot of time, the main problem is not all devices provide a way of configuring the gateway.
We used to use Secomea Link Manager, which provides a transparent tunnel, allowing us to reach all devices in the machine network without any further configuration. Is there a way to achieve the same behavior with pfsense, without being required to manually configure the gateway on each single device?
Thanks,
Alessandro -
@amartinelli
Without an option to state a gateway, the device can only communicate on the same L2 network.
Hence the only way to access these devices from outside is to NAT the concerned traffic on pfSense. Doing so, pfSense translates any source IP in packets into its LAN address. You can do this with an outbound NAT rule.
If the outbound NAT is in automatic mode switch to hybrid first.
Then add a rule like this:
interface: LAN
source: 10.10.94.2 (the VPN IP)
destination: any (or an alias containing the concerned devices)
Leave the other values at their defaults. -
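The reasoning in that answer can be checked with a small model. The following Python is an added example, not code from the thread or from pfSense: it models a LAN device that only replies to on-link sources unless it has a default gateway, and an outbound NAT rule on the LAN interface that rewrites the VPN peer's source address (10.10.94.2, as in the thread) to the pfSense LAN address 192.168.1.1. The device names, the 192.168.1.0/24 subnet and the device addresses are constructed for the example; the `OutboundNatRule` and `Device` classes are this example's own, not a pfSense API.

```python
"""Model of the "no gateway, no reply" problem and the outbound NAT fix.

Added example for the pfSense thread above; addresses other than
10.10.94.2 and 192.168.1.1 are constructed for illustration.
"""
from dataclasses import dataclass
from ipaddress import IPv4Address, IPv4Network
from typing import List, Optional

LAN = IPv4Network("192.168.1.0/24")            # assumed machine network
PFSENSE_LAN_IP = IPv4Address("192.168.1.1")    # the gateway from the thread
VPN_PEER = IPv4Address("10.10.94.2")           # "the VPN IP" from the answer


@dataclass
class Device:
    """A LAN host; gateway=None models a device with no gateway setting."""
    name: str
    ip: IPv4Address
    gateway: Optional[IPv4Address] = None

    def can_reply_to(self, src: IPv4Address) -> bool:
        # A reply can leave the device only if the destination is on-link,
        # or the device has a default gateway to forward it to.
        return src in LAN or self.gateway is not None


@dataclass(frozen=True)
class OutboundNatRule:
    """Outbound NAT rule as described in the answer (hypothetical model)."""
    interface: str
    source: IPv4Network
    destination: Optional[IPv4Network]   # None = "any"
    translate_to: IPv4Address


def apply_outbound_nat(src: IPv4Address, dst: IPv4Address,
                       egress_if: str, rules: List[OutboundNatRule]) -> IPv4Address:
    """Return the source address the LAN device will see; first match wins."""
    for rule in rules:
        if rule.interface != egress_if or src not in rule.source:
            continue
        if rule.destination is not None and dst not in rule.destination:
            continue
        return rule.translate_to
    return src  # no rule matched: packet keeps its VPN source address


def reachable(device: Device, rules: List[OutboundNatRule]) -> bool:
    """Does a ping from the VPN peer, leaving pfSense on LAN, get answered?"""
    seen_src = apply_outbound_nat(VPN_PEER, device.ip, "LAN", rules)
    return device.can_reply_to(seen_src)


# Constructed devices mirroring the thread: two with a gateway, one without.
PLC = Device("PLC", IPv4Address("192.168.1.10"), PFSENSE_LAN_IP)
PANEL_PC = Device("Panel PC", IPv4Address("192.168.1.11"), PFSENSE_LAN_IP)
POINT_IO = Device("Point I/O", IPv4Address("192.168.1.20"))  # no gateway

# The rule from the answer: interface LAN, source the VPN IP, destination any.
VPN_TO_LAN_RULE = OutboundNatRule(
    interface="LAN",
    source=IPv4Network("10.10.94.2/32"),
    destination=None,
    translate_to=PFSENSE_LAN_IP,
)


def scenario() -> dict:
    """Reachability of each device with and without the outbound NAT rule."""
    return {
        dev.name: (reachable(dev, []), reachable(dev, [VPN_TO_LAN_RULE]))
        for dev in (PLC, PANEL_PC, POINT_IO)
    }


if __name__ == "__main__":
    for name, (before, after) in scenario().items():
        print(f"{name:10s} without NAT: {before}  with NAT: {after}")
```

One consequence of this fix worth keeping in mind: after translation every device only ever sees 192.168.1.1 as the remote source, so device-side logs no longer tell you which VPN peer connected. Scoping the rule's destination to an alias of the devices that actually need remote assistance, as the answer suggests, and relying on the pfSense firewall and VPN logs for attribution keeps that visibility.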
@viragomann Thank you very much, I was able to solve this problem I was dealing with since some time!