Multi LAN through VPN Gateway - solved -



  • Hi!

    I do have the following setup in place:

    I want to tunnel all traffic from behind pfsense 2.0.3 through a VPN.
    This works fine for my hosts in VPNGWNET. If the VPN drops, rules in the endian
    firewall block all traffic, except for DNS and a new VPN session.
    Also I want to separate VPNGWNET and GUESTS. There is only one host in VPNGWNET
    but I don't want GUESTS to have access to it.

    Clients in my VPNGWNET do get an IP assigned by pfsense.
    These clients can ping 192.168.1.1
    These clients can do DNS lookups
    These clients can access hosts on the VPN network

    Clients in my GUESTS do get an IP assigned by pfsense.
    These clients can ping 192.168.2.1 and 192.168.1.1
    These clients can do DNS lookups.
    These clients don't have access to the VPN and can't ping clients on the other side.

    Firewall-Settings for GUESTS Interface:

    Did I miss something?
    As far as I understand, this should work.

    Thanks in advance for any help.



  • Solved it.

    To work for the above setup correctly, I had to set NAT to manual.
    What I did not add was manual NAT rules for the second LAN. It works fine now with these additional settings:

