Routing traffic to other server



  • Hello.

    I currently run pfsense as the network gateway and I am more than satisfied. Great work :)
    Here comes my problem. In our network we have another box, with external IP, that acts as a VPN server; it has one external IP and one internal (in the same subnet as the pfsense box's internal net). So I added static routes, so that when people from our internet network try to access the remote network (via VPN), the requests should be automatically forwarded to the VPN server's internal address, which will handle the job further.
    So far so good, everything working.
    However, the problems arose when transferring files via scp. As soon as the copying starts, the speed just goes down, and in a few seconds the transfer is stalled. Everything above 1 MB has no chance of reaching the other end. From the VPN server directly it works. What could be the problem?
    I also must say that I chose this solution because ipsec between the pfsense box and the remote box (a debian linux) just wouldn't work. And of course, on the other end, the sysadmin wouldn't even give a chance to pfsense (or freebsd for that matter :(( )
    Any idea why this happens to the transfers?
    Thanks.



  • Try lowering the mtu at your WAN interface to 1300. Does that help? If yes, raise the level of the mtu until it breaks and go back a step again. We had reports at IRC where this solved similar issues.
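
The "raise it until it breaks, then step back" procedure from the reply above can be done as a bisection on the largest ping payload that crosses the path with Don't Fragment set. This is an added example, not part of the original post; `find_max_payload`, `probe_ping`, `payload_to_mtu` and `fake_probe` are hypothetical names, and `fake_probe` is a constructed stand-in for a path with MTU 1400.

```shell
# Bisect the largest ICMP payload that passes unfragmented (added example).

# Real probe: Linux iputils ping with DF set. On FreeBSD/pfSense the
# equivalent is `ping -D -c 1 -s SIZE HOST`.
probe_ping() {  # $1 = host, $2 = payload bytes
    ping -M do -c 1 -W 2 -s "$2" "$1" >/dev/null 2>&1
}

# find_max_payload HOST LOW HIGH [PROBE]
# Prints the largest payload in [LOW, HIGH] for which PROBE succeeds.
# Returns 1 if even LOW fails (the problem is then not the upper sizes).
find_max_payload() {
    local host=$1 lo=$2 hi=$3 probe=${4:-probe_ping} mid
    "$probe" "$host" "$lo" || return 1
    while [ "$lo" -lt "$hi" ]; do
        # Round up so the loop always makes progress when lo + 1 == hi.
        mid=$(( (lo + hi + 1) / 2 ))
        if "$probe" "$host" "$mid"; then
            lo=$mid            # mid passes: the limit is at or above mid
        else
            hi=$(( mid - 1 ))  # mid fails: the limit is below mid
        fi
    done
    echo "$lo"
}

# IPv4 MTU = ICMP payload + 20 bytes IPv4 header + 8 bytes ICMP header.
payload_to_mtu() { echo $(( $1 + 28 )); }

# Constructed probe for offline runs: behaves like a path with MTU 1400,
# so payloads up to 1372 bytes pass and larger ones are dropped.
fake_probe() { [ "$2" -le 1372 ]; }

# Usage against a real host (assumed address, replace with the remote end):
#   p=$(find_max_payload 192.0.2.10 1200 1472) && payload_to_mtu "$p"
```

If every size up to 1472 passes, the path carries a full 1500-byte MTU and fragmentation is not what stalls the transfer.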



  • Hi.

    I tried the MTU thing, didn't change anything.
    Any other suggestions?



  • Hi.

    Well, I did the following two things, don't really know which one solved the problem, but it's solved: upgraded firmware to RC2 (was running RC1) and checked the following setting in Advanced:
    Bypass firewall rules for traffic on the same interface
    (This option only applies if you have defined one or more static routes. If it is enabled, traffic that enters and leaves through the same interface will not be checked by the firewall. This may be desirable in some situations where multiple subnets are connected to the same interface.)
    Best wishes.

