Netgate Discussion Forum

Routing instead of NAT between sites

Routing and Multi WAN
  • I
    idarlund
    last edited by Jun 24, 2025, 11:56 AM

    Hi,

    I've got a setup where I have a WireGuard VPN between two sites. I have set up static routing tables so that the private IPv4 ranges on both sites can talk to each other over the VPN.

    Site1: 10.5.10.0/24
    WG tunnel 10.2.56.1 <-> 10.2.56.85
    Site2: 10.6.66.0/24

    When sending a packet from a client (10.6.6.66) on site2 to a client (10.5.10.105) on site1, I can see in tcpdump that the packet is NATed:

    13:52:42.700102 eth0 In  IP 10.2.56.85 > 10.5.10.105: ICMP echo request, id 32, seq 1, length 64
    13:52:42.700152 eth0 Out IP 10.5.10.105 > 10.2.56.85: ICMP echo reply, id 32, seq 1, length 64
    

    I can also confirm in the firewall at Site2 that NAT is happening there:

    13:54:29.126837 IP 10.2.56.85 > 10.5.10.105: ICMP echo request, id 33, seq 1, length 64
    13:54:29.161781 IP 10.5.10.105 > 10.2.56.85: ICMP echo reply, id 33, seq 1, length 64
    

    How can I get pfSense to route the traffic I want between these sites instead of NATing it?

    • B
      Bob.Dig LAYER 8 @idarlund
      last edited by Jun 24, 2025, 5:01 PM

      @idarlund said in Routing instead of NAT between sites:

      I have set up static routing tables

      How have you done that?

      • I
        idarlund @Bob.Dig
        last edited by Jun 24, 2025, 9:01 PM

        @Bob-Dig said in Routing instead of NAT between sites:

        @idarlund said in Routing instead of NAT between sites:

        I have set up static routing tables

        How have you done that?

        b8a8af0c-2f74-45dd-a95e-077046dc914f-image.png

        • B
          Bob.Dig LAYER 8 @idarlund
          last edited by Bob.Dig Jun 25, 2025, 7:49 AM Jun 25, 2025, 7:47 AM

          @idarlund Thought so.

          If you don't mind, here is a great video from Christian McDonald explaining it all.

          • I
            idarlund @Bob.Dig
            last edited by idarlund Jun 25, 2025, 12:04 PM Jun 25, 2025, 12:02 PM

            @Bob-Dig said in Routing instead of NAT between sites:

            @idarlund Thought so.

            If you don't mind, here is a great video from Christian McDonald explaining it all.

            I don't mind at all. Thanks!
            This is what I love about community. People helping each other! Also, the best kind of help: nudging people in the right direction without just telling the answer. With this method we'll probably learn something on the road! I will check out the video to see what I did wrong or if it's not possible :)

            • I
              idarlund
              last edited by Jun 25, 2025, 5:35 PM

              Thanks again for the video. It solved my problem.

              If anyone bumps into this thread in the future: the static route shown in the screenshot above was correct. However, here's what I did wrong:

              On site2 I had set "IPv4 Upstream gateway" in the interface config to the gateway on site1. This makes pfSense NAT the traffic instead of routing it. Here's a timestamped link to the video where this is explained.

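An added example, not part of the original posts: a Python check that reads tcpdump lines like the ones captured in this thread and reports whether traffic arriving at site1 carries the WireGuard tunnel address as its source (NAT applied on site2) or an address from the site2 LAN (routed). The subnets come from the first post; the /24 tunnel prefix, the function names and the third sample line are assumptions made for the example.

```python
import ipaddress
import re

# Subnets from the thread; the /24 prefix for the tunnel is an assumption.
SITE1_LAN = ipaddress.ip_network("10.5.10.0/24")
SITE2_LAN = ipaddress.ip_network("10.6.66.0/24")
WG_TUNNEL = ipaddress.ip_network("10.2.56.0/24")

# Matches "IP src > dst:" in a tcpdump line, with or without the interface
# and direction columns, and with an optional ".port" suffix for TCP/UDP.
PKT_RE = re.compile(
    r"\bIP (\d+(?:\.\d+){3})(?:\.\d+)? > (\d+(?:\.\d+){3})(?:\.\d+)?:"
)

def classify(line):
    """Classify one tcpdump line captured on the site1 side."""
    m = PKT_RE.search(line)
    if not m:
        return None
    src, dst = (ipaddress.ip_address(a) for a in m.groups())
    # Only packets addressed to site1 hosts show what site2 did to the source.
    if dst not in SITE1_LAN:
        return "ignored"
    if src in WG_TUNNEL:
        return "nat"      # source rewritten to the tunnel address
    if src in SITE2_LAN:
        return "routed"   # original client address preserved
    return "unknown"

def summarize(lines):
    """Count verdicts over a capture; unparsable lines are skipped."""
    counts = {}
    for line in lines:
        verdict = classify(line)
        if verdict:
            counts[verdict] = counts.get(verdict, 0) + 1
    return counts

SAMPLE = [
    # First two lines are the capture quoted in the first post.
    "13:52:42.700102 eth0 In  IP 10.2.56.85 > 10.5.10.105: ICMP echo request, id 32, seq 1, length 64",
    "13:52:42.700152 eth0 Out IP 10.5.10.105 > 10.2.56.85: ICMP echo reply, id 32, seq 1, length 64",
    # Constructed line: what a routed (non-NATed) request would look like.
    "13:58:01.000001 eth0 In  IP 10.6.66.20 > 10.5.10.105: ICMP echo request, id 40, seq 1, length 64",
]

if __name__ == "__main__":
    print(summarize(SAMPLE))
```

Any "nat" verdict in a capture taken on site1 means firewall rules and logs there see only the tunnel address, not the individual site2 clients.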