Routing and dhcp between 2 pfsense full installs question
-
im stuck in a weird situation, i have 2 offices and pfsense full install machines in each office with their own internet connection, dhcp r enabled on both the machines for the lan connection in each office in the range 192.168.30.0/24, now i also setup a ubiquity airgrid at each end in bridge mode so i can access web server on the lan on site A, now i have wireless access point at each end for wireless clients. now the problem starts when i have dhcp enabled on both the boxes at once because of the airgrid they all come under one lan so there is a dhcp race in giving out ips and also each box will give out ip adress and set default gateway for that box so in this situation i have to disable dhcp on box B and clients there i have configure with static ips but i cant do this for wireless clients and at time the wireless clients move from site B to Site A so i want those wireless clients to access the itnernet using the pfsense box at their local end rather than from the site A box with dhcp when on site B and stillb e able to use dhcp on both boxes.
in summary i want dhcp on each box and if a wireless client is at point A then point A pfsense will give out ip and its own gateway and if at point B then ip from point B pfsense with its ip as gateway.
is there any way to solve this even by changing ip subbets etc with routing gateways etc
-
Are the PF box's a computer? can you stick in another lan card in each box?
This is how I have the exact same setup working.
3 nics in each PF box.
different subnet on the MAIN lan each box ( you need to change one)
The new added 3rd nic is the same subnet both box's But still different from either LAN's This Opt1 new interface is NOT a gateway. Don't change any settings there.On the new interface OPT1 .Create a static route on each PF box pointing to the LAN subnet on the other pf box.
Change your Ubiquiti radios lan ip's so they are in this 3rd subnet. Plug them in the new nics.
You can make a pass all firewall rule on both sides or limit the traffic the way you want, but this will let you have access to any server from either side of the network.
File sharing samba and the like will not work unless you modify hosts files.
-
actually site A box has one nic and using vlans and site B box has 2 nics, one for wan and one for lan without vlan
-
any other way to have the same lan on both ends and just block the dhcp requests between the 2 pfsense boxes so file sharing, web server access isnt lost but only the clients at A end dont get a lease from point B and the other way round?
-
You could try in each pf box /dhcp server mac address filter. Fill in all the mac's you want to get an address on each box and it will ignore the rest.
But this may still cause problems for mobile devices that roam between lans.The way I outlined above is the only full proof way I know of. Once it's setup you never have to mess with again.
-
by file sharing u mean the windows file share will not work?
-
No , not through the static route.
You would have to add/ modify the hosts file on the computers that need to use windows file sharing.Maybe you could set up the MAC address filter in the dhcp server.
Mobile devices that work on both sides would need a mac entry on both routers.Desktops would only get an IP address if their mac is entered in the correct router.