Netgate Discussion Forum
    Routing between LANs not working

    Routing and Multi WAN

    phatty

      I know I have to be overlooking something simple, but I am currently stumped. I have a network that looks like the following

      Site1
      LAN1/22
      LAN2/22

      I then have a direct connection between sites configured as PTP/24

      Site2
      RemoteLAN1/19

      I can ping LAN1 & LAN2 from the PTP Interface at Site2
      I can ping RemoteLan1 from PTP Interface at site1
      I can not ping any of the above from the LAN interface of either pfSense box
      I can not ping any of the remote networks from PCs behind any of the pfSense boxes.

      I have tried both static routes, and using the RIP protocol to get the sites talking.
      If I configure an IPSEC tunnel, then all sites are able to talk to each other no problem. The fact the IPSec tunnel works is part of the reason I am so confused, as it would seem that in order for the different sites to see each other through the IPSec tunnel, or a direct route, the firewall rules would pretty much be the same. And they seem to be. Yet for some reason the firewall rules are allowing sites to talk when going through IPSec, but not a direct connection with static or RIP routes in place.

      In troubleshooting I have also attempted wide open rules of allowing any and all traffic on the PTP interface.  And both sites have LAN configurations that allow anything from the LAN subnet to go anywhere.

      What could I possibly be overlooking?


      Nachtfalke

        Is this your configuration:

        LAN-A-----pfsense-A------WAN-----pfsense-B-----LAN-B
        ?

        Is the part I named "WAN" a WAN connection or is it just another LAN subnet? If it is just another LAN subnet then you probably have to disable NAT of pfsense-A and pfsense-B WAN interface.

        Further pfsense-A needs a static route to LAN-B with gateway pfsense-B-WAN-interface
        And pfsense-B needs a static route to LAN-A with gateway pfsense-A-WAN-interface.
        pfsense-A/B must allow all traffic on WAN and LAN interfaces.

        When you talk from "PTP" - do you just mean a direct connection like connecting a computer to a switch or do you mean any VPN solution (PPTP)? I am asking this because you are talking about IPsec in the next chapter.

        So I guess you need to disable NAT:
        system --> advanced --> !?!
        Check if there is any checkbox for disabling NAT ONLY. If there isn't any, go to "Outbound NAT" on firewall --> NAT and select "Manual Outbound NAT" and then delete all existing NAT rules. This disables NAT.


        phatty

          Here are some more details for you

          Site1, PFSENSE A
          LAN Interface
          VLAN Interface
          WAN Interface for Internet, Uses NAT
          PTP Interface uses a local subnet to route between two physical sites, no VPN at play here, it is a direct connection between sites provided by our internet provider.

          Site 2, PFSENSE B
          LAN Interface
          VLAN Interface
          WAN Interface for Internet, Uses NAT
          PTP Interface on local subnet.

          So I can not turn NAT off entirely. I tried creating a rule for NAT that says source Site1LAN destination Site2LAN and then checked the box that claims to turn NAT off within that config, associated with the PTP interface, and it did not work.


          Nachtfalke

            Then you need to disable NAT only on the PTP interface.

            So go to outbound NAT rules, select automatic rules which generates NAT rules for all interfaces. Then switch back to manual outbound NAT rules. It shows you all the rules and then you probably only need to delete the rules for the P2P interfaces - on both sites.

            But the static routes on both sites must still be configured. And the firewall rules on the P2P interfaces must allow traffic from the other site.

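The checklist in the last reply (a static route at both sites, outbound NAT removed from the PTP interface, PTP firewall rules that admit the other site's LAN) can be walked through with a small forwarding model. The block below is an added example, not code from this thread or from pfSense. The addresses are constructed placeholders, since the thread gives none (LAN-A 10.1.0.0/22, LAN-B 10.2.0.0/19, PTP link 192.168.100.0/24 with pfSense-A at .1 and pfSense-B at .2), and NAT and filtering are simplified: outbound NAT on an interface rewrites the source to that interface's address and keeps a state entry for the reply, and a packet is admitted on an interface only if some (source net, destination net) rule there matches. It goes a little beyond the thread by showing the two ways a partial fix still fails: a missing return route drops the reply at the far router, and NAT left on the PTP interface makes the far site see the link address rather than the LAN as the source, so a rule written for the remote LAN never matches.

```python
"""Toy forwarding model of a two-site pfSense setup joined by a PTP link.

Added example with constructed addresses; not code from the thread or pfSense.
"""
import ipaddress as ipa

IP, NET = ipa.IPv4Address, ipa.IPv4Network


class Router:
    def __init__(self, name, ifaces, routes=(), nat_ifaces=(), rules=None):
        self.name = name
        self.ifaces = {n: (IP(a), NET(net)) for n, (a, net) in ifaces.items()}
        self.routes = [(NET(d), IP(gw)) for d, gw in routes]
        self.nat_ifaces = set(nat_ifaces)
        self.rules = {i: [(NET(s), NET(d)) for s, d in r]
                      for i, r in (rules or {}).items()}
        self.nat_state = {}  # (translated src, dst) -> original src

    def iface_for(self, ip):
        """Name of the directly connected interface whose subnet holds ip."""
        return next((n for n, (_, net) in self.ifaces.items() if ip in net), None)

    def owns(self, ip):
        return any(ip == addr for addr, _ in self.ifaces.values())

    def forward(self, in_if, src, dst, log):
        """Return (next_hop, src, dst) after NAT, or None if the packet is dropped."""
        if self.owns(dst) and (dst, src) in self.nat_state:
            dst = self.nat_state[(dst, src)]  # reply to a NAT'd flow: untranslate
            log.append(f"{self.name}: untranslated reply to {dst}")
        if not any(src in s and dst in d for s, d in self.rules.get(in_if, [])):
            log.append(f"{self.name}: blocked on {in_if} ({src} -> {dst})")
            return None
        out_if, next_hop = self.iface_for(dst), dst
        if out_if is None:  # not directly connected: consult static routes
            for net, gw in self.routes:
                if dst in net:
                    out_if, next_hop = self.iface_for(gw), gw
                    break
        if out_if is None:
            log.append(f"{self.name}: no route to {dst}")
            return None
        if out_if in self.nat_ifaces:  # outbound NAT hides the real source
            new_src = self.ifaces[out_if][0]
            self.nat_state[(new_src, dst)] = src
            log.append(f"{self.name}: NAT on {out_if} rewrote src {src} -> {new_src}")
            src = new_src
        return next_hop, src, dst


def deliver(routers, hosts, src, dst, log):
    """Carry one packet host to host; return (src, dst) as received, or None."""
    src, dst = IP(src), IP(dst)
    router = routers[hosts[src]]  # the sending host's default gateway
    in_if = router.iface_for(src)
    for _ in range(8):  # hop limit guards against routing loops
        hop = router.forward(in_if, src, dst, log)
        if hop is None:
            return None
        next_hop, src, dst = hop
        if next_hop in hosts:
            log.append(f"{router.name}: delivered {src} -> {dst}")
            return src, dst
        nxt = next((r for r in routers.values() if r.owns(next_hop)), None)
        if nxt is None or nxt is router:
            log.append(f"{router.name}: next hop {next_hop} is not a forwarding router")
            return None
        router, in_if = nxt, nxt.iface_for(next_hop)
    return None


def ping(routers, hosts, a, b):
    """Request a->b plus reply; return (ok, source as seen by b, log)."""
    log = []
    got = deliver(routers, hosts, a, b, log)
    if got is None:
        return False, None, log
    seen_src, seen_dst = got
    back = deliver(routers, hosts, seen_dst, seen_src, log)
    return back is not None and back[1] == IP(a), seen_src, log


def build(b_return_route=True, nat_on_ptp_a=False, b_ptp_src="10.1.0.0/22"):
    """Two sites on the PTP link; the keyword knobs reproduce common mistakes."""
    a = Router("pfSense-A",
               ifaces={"LAN": ("10.1.0.1", "10.1.0.0/22"),
                       "PTP": ("192.168.100.1", "192.168.100.0/24")},
               routes=[("10.2.0.0/19", "192.168.100.2")],
               nat_ifaces=["PTP"] if nat_on_ptp_a else [],
               rules={"LAN": [("10.1.0.0/22", "0.0.0.0/0")],
                      "PTP": [("10.2.0.0/19", "10.1.0.0/22")]})
    b = Router("pfSense-B",
               ifaces={"LAN": ("10.2.0.1", "10.2.0.0/19"),
                       "PTP": ("192.168.100.2", "192.168.100.0/24")},
               routes=[("10.1.0.0/22", "192.168.100.1")] if b_return_route else [],
               rules={"LAN": [("10.2.0.0/19", "0.0.0.0/0")],
                      "PTP": [(b_ptp_src, "10.2.0.0/19")]})
    hosts = {IP("10.1.1.50"): "pfSense-A", IP("10.2.5.7"): "pfSense-B"}  # one PC per site
    return {r.name: r for r in (a, b)}, hosts


if __name__ == "__main__":
    for label, kw in [("both routes, NAT off on PTP", {}),
                      ("pfSense-B missing return route", {"b_return_route": False}),
                      ("NAT still on pfSense-A PTP", {"nat_on_ptp_a": True})]:
        ok, seen, log = ping(*build(**kw), "10.1.1.50", "10.2.5.7")
        print(f"{label}: {'OK' if ok else 'FAIL'}; B saw source {seen}")
        print("  " + "\n  ".join(log))
```

Run it as a script to see the three scenarios traced hop by hop. The model deliberately has no default route toward the Internet WAN, so anything that is neither directly connected nor covered by a static route shows up as "no route", which is the symptom to look for on the far router when only one site has been given its static route.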
            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.