Cable modem access
I have one of those cable modems that pass me a public IP via DHCP on the pfsense WAN interface and
also keep up a management/status interface listening on 192.168.100.1.
I've managed to access the modem interface through the manual provided here:
https://doc.pfsense.org/index.php/Accessing_modem_from_inside_firewall (the 2.0 part on the bottom).
Now, most of the time I'm using pfsense to connect to an OpenVPN server, during which I cannot access
the modem status interface. What do I need to do so I can access the status interface even when I'm connected
to another VPN server?
How about just disconnect from the vpn as a simple solution.. What is exactly on this modem status page that you need to keep checking? ;) My cable modem is on 192.168.100.1 as well - and I can see a log you can see your signal levels, etc.
Just not sure why you would need to look at these unless there was some sort of problem with your internet connection.. I would think one of first things you would do if having a internet connection problem is disconnect from the vpn ;)
That being said - I assume you have some sort of policy routing in place to have clients use the vpn connection that pfsense has - so ie pointing them to your gateway that is the vpn. You would need to put in a rule above that allows for routing to 192.168.100 via pfsense normal routing vs sending the traffic down the vpn.
Yeah, yeah, totally true… disconnecting would be the easiest way ;-)
That being said... I'd like to learn and understand that from a scientific curiosity point-of-view ;-)
Would the policy routing go through the DHCP gateway (Currently I have two: The DHCP one and the VPN one) - which would be the DHCP-aquired public ip address or would I need to create an entirely new gateway just for that private netblock between pfsense and the modem (I've tried the latter and it didn't work)?!?
Can you post your lan rules on pfsense where your telling your lan clients to use your vpn connection?
So you created a VIP on your wan interface in the 192.168.100.0/x network – and then created a outbound nat rule?
I can access my modems config without doing anything special on pfsense.. I have a dhcp address on my pfsense wan 24.13.x.x connected to my cable modem.. But if I go to 192.168.100.1 on my client my modemstatus page comes up without having to do anything in pfsense with vip or nats or anything.
But if you created a vip on your wan, and then and outbound nat.. For that to be working you have to be using pfsense routing - if you put a specific GATEWAY in your lan rules - see attached for my lan rules. See how gateway is *.. So if I want to talk to say my wlan or dmz then pfsense just uses its local routing table to get there.
If you put in a specific gateway, this over rides the use of pfsense routing table.. Unless you put a rule above that that allows the traffic to whatever locally you want to allow - like 192.168.100 network off your wan via a VIP.
Or - not quite sure, are you talking on a PC (something behind pfsense) using its dhcp interface or a vpn client your running on that device.. The way I read it your using pfsense as the connection to your vpn and routing all machines behind pfsense through the vpn connection.