pfSense 2.0.3 - DHCP Relay through IPsec VPN doesn't work

    Before creating a new topic, I looked through many topics, on Google and here, from the first to the 26th page of this forum's section.

    I found some good ideas, but without effect for me.

    For information, I have been an IT Manager for 14 years. I have used DHCP and DHCP relay since 1999 (NT4 before 2000, 2003 and 2008), on many distant sites, but never with pfSense.

    In my current job, I have used pfSense for 2 years (2.0.1, and now 2.0.3 on all pfSense).

    I need to (finally!) install an AD. So, I am working with a test environment before migrating everything to production.
    I installed Win2012 Standard and configured roles (DNS and DHCP).

    Local DHCP works fine with the local scope. Just as a test, it also works with a workstation in the DMZ (through pfSense_Main_Office): the DMZ's workstation gets a DHCP lease from the LAN's Win2012 DHCP service with a dedicated DHCP scope.

    2 distant offices have been connected to the main office with IPsec VPN for 1.5 years (between pfSenses).

    On the first distant office, I disabled DHCP on the LAN and Public_Wifi networks (independent).
    I activated DHCP Relay as in the first test.
    But it doesn't work.

    So, I looked on the internet and on this forum.

    The best idea I found is to add a gateway + route on the Main Office's pfSense. Information here:
    Why can't I query SNMP, use syslog, NTP, or other services initiated by the firewall itself over IPsec VPN?

    But it doesn't work.

    I checked the rules in RULES > IPSEC; everything is permitted, on each side.
    The distant workstation can access the main office's server: ping, files, LAMP, etc.
    The same on the other side: Win2012 can reach the distant networks.

    Have you any idea?

    Distant_pfSense1 ( + for public WiFi)
    Internet------Main_pfSense---------LAN( server with scopes :, and
      |Distant_pfSense2 (

    I checked DHCP Server + scopes, DHCP Relay, dummy Gateways + route.


    I also found these topics:

