Connecting two pfSense instances over LAN



  • Hi all,

I want to connect two LAN interfaces using two pfSense instances (both on VMWare). I've followed this guide: https://doc.pfsense.org/index.php/PfSense_2_on_VMware_ESXi_5 to set up the instances. My setup now is as follows:

    Site A:
    ------
    WAN (Internet)
    LAN 192.168.20.1 (Connected to Site B LAN)
    DMZ 192.168.10.1

    Site B:

    WAN (Internet)
    LAN 192.168.21.1 (Connected to Site A LAN)
    DMZ 192.168.11.1

    What I want to achieve is that boxes in Site A's DMZ can talk to boxes in Site B's DMZ through the LAN connection and vice versa.

    I am not a network guru, but I understand I have to setup a route on each pfSense instance.

    I have set up a Static Route on Site B:

    Network / Gateway / Interface
    192.168.20.0/28 LANGW - 192.168.21.1 LAN

    But without luck.

    Ping from a Site B DMZ box results in a "Destination Host Unreachable"

    Do you guys have any suggestion?

    Thanking you in advance,

    Wouter



  • To get it working the way I think you want it, you will need to either add another NIC or put all your PCs in the "DMZ" and use that as the LAN on both sites.  Here are some corrections:

    • If Site A is directly connected to Site B via the interface labeled "LAN" and you want to pass traffic across that direct link, both "LAN" interfaces need to be in the same subnet.  e.g. change Site B LAN to 192.168.20.2 or change Site A LAN to 192.168.21.2

    • Your static routes are configured incorrectly.  Let's assume you change site B's LAN to 192.168.20.2, your static routes should look like this:

      Site B
      Network / Gateway / Interface
      192.168.10.0/28  |  192.168.20.1  |  LAN

      Site A
      Network / Gateway / Interface
      192.168.11.0/28  |  192.168.20.2  |  LAN

    Assuming you have any/any firewall rules on all your interfaces, your "DMZ" subnets should now be able to communicate.
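As an added example (not from the thread), a small Python model of the two routers that turns the reply's two points into checks: the next hop of a static route must lie inside the connected subnet of the interface it is bound to, and each site needs a route covering the other site's DMZ. The /24 LAN prefix and the .5 DMZ host addresses are assumptions; the thread gives only the router addresses and the /28 DMZ subnets.

```python
import ipaddress as ipa

class Router:
    """Minimal model of a pfSense box: connected interfaces plus static routes."""
    def __init__(self, name, interfaces, routes):
        self.name = name
        self.ifaces = {n: ipa.ip_interface(a) for n, a in interfaces.items()}
        # static routes as (destination network, gateway address, interface name)
        self.routes = [(ipa.ip_network(n), ipa.ip_address(g), i) for n, g, i in routes]

    def on_link(self, addr):
        """Interface whose connected subnet contains addr, or None."""
        return next((n for n, i in self.ifaces.items() if addr in i.network), None)

    def lookup(self, dst):
        """Longest-prefix match over connected subnets and static routes."""
        cands = [(i.network.prefixlen, None, n) for n, i in self.ifaces.items() if dst in i.network]
        cands += [(net.prefixlen, gw, n) for net, gw, n in self.routes if dst in net]
        return max(cands, key=lambda c: c[0], default=None)

    def forward(self, dst):
        """Return (ok, explanation) for a packet addressed to dst."""
        dst = ipa.ip_address(dst)
        hit = self.lookup(dst)
        if hit is None:
            return False, f"{self.name}: no route to {dst}"
        _, gw, ifname = hit
        if gw is None:
            return True, f"{self.name}: {dst} is directly connected on {ifname}"
        if gw in (i.ip for i in self.ifaces.values()):
            return False, f"{self.name}: gateway {gw} is this router's own address"
        if self.on_link(gw) != ifname:  # reply's point 1: next hop must be on the shared link
            return False, f"{self.name}: gateway {gw} is not on {ifname}'s subnet"
        return True, f"{self.name}: {dst} via {gw} on {ifname}"

def build_sites(site_b_lan):
    """Both sites with the reply's routes; Site B's LAN address is the variable (/24 assumed)."""
    b_lan_ip = str(ipa.ip_interface(site_b_lan).ip)
    site_a = Router("Site A", {"LAN": "192.168.20.1/24", "DMZ": "192.168.10.1/28"},
                    [("192.168.11.0/28", b_lan_ip, "LAN")])
    site_b = Router("Site B", {"LAN": site_b_lan, "DMZ": "192.168.11.1/28"},
                    [("192.168.10.0/28", "192.168.20.1", "LAN")])
    return site_a, site_b

def dmz_to_dmz_ok(site_b_lan):
    """True only if both routers can forward toward the other site's DMZ (constructed .5 hosts)."""
    site_a, site_b = build_sites(site_b_lan)
    return site_a.forward("192.168.11.5")[0] and site_b.forward("192.168.10.5")[0]
```

Running `dmz_to_dmz_ok("192.168.21.1/24")` reproduces the posted addressing and fails on the next-hop check, while `dmz_to_dmz_ok("192.168.20.2/24")` is the reply's corrected layout and passes.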

