Routing Between 2 PFSense Boxes



  • Hi there,

    I have the following attached setup. I need clients to be able to connect to my Microsoft PPTP box from the WAN connection on the PFSENSE 2 box.

    I have LAN2 pinging LAN1 ranges from both PFSENSE boxes but can't get LAN1 pinging each others subnets.

    Example:

    PFSENSE 1 LAN1 192.168.10.1 > PING > PFSENSE 2 LAN1 192.168.11.1 - DOESNT WORK
    PFSENSE 1 LAN1 192.168.10.1 > PING > PFSENSE 2 LAN2 192.168.12.2 - DOESNT WORK

    PFSENSE 1 LAN2 192.168.12.1 > PING > PFSENSE 2 LAN2 192.168.12.2 - WORKS
    PFSENSE 1 LAN2 192.168.12.1 > PING > PFSENSE 2 LAN1 192.168.11.1 - WORKS


    PFSENSE 2 LAN1 192.168.11.1 > PING > PFSENSE 1 LAN1 192.168.10.1 - DOESNT WORK
    PFSENSE 2 LAN1 192.168.11.1 > PING > PFSENSE 1 LAN2 192.168.12.1 - DOESNT WORK

    PFSENSE 2 LAN2 192.168.12.2 > PING > PFSENSE 2 LAN2 192.168.12.1 - WORKS
    PFSENSE 2 LAN2 192.168.12.2 > PING > PFSENSE 2 LAN1 192.168.10.1 - WORKS
    PFSENSE 2 LAN2 192.168.12.2 > PING > PFSENSE 2 LAN1 192.168.10.113 - WORKS

    The goal is to be able to get PFSENSE 1 LAN1 192.168.10.0 talking to PFSENSE 2 LAN1 192.168.11.0 Then having a NAT/Firewall Rule on PFSENSE 2 redirecting PPTP traffic to 192.168.10.113

    I've drawn a picture of the setup below. Can someone help me by telling me where I'm going wrong?  ???



  • Are the two pfsense boxes in the same location?

    Can you paste a picture of your firewall rules for each of the interfaces involved?



  • Hi chpalmer,

    These are my Firewall Rules along with the Routing I've setup:

    PFSENSE1 LAN1

    PFSENSE1 LAN2

    PFSENSE1 ROUTES

    PFSENSE2 LAN1

    PFSENSE2 LAN2

    PFSENSE2 WAN1

    PFSENSE2 ROUTES



  • Are the two pfsense boxes in the same location?

    You have some redundant rules that while they appear to me to be unnecessary are probably not hurting anything…

    To simplify things, have you considered deleting the second subnet of the pfSense 1 box and using the second subnet of the second pfSense box to connect directly to the first subnet of the first box?

    Then treat the second LAN subnet like a second WAN on the second box.

    But for now-  Are you seeing anything in the firewall logs of either box?  I doubt you are but have to ask...  I believe you have to add a gateway still to both boxes under "System/Routes"


Log in to reply