Static route & NAT to secondary LAN gateway



  • I'm not sure if the subject is accurate for what I'm trying to do, so I'll explain it…

    My LAN is on 192.168.2.0/24. I have two WAN interfaces, connected to separate ISPs and pfSense is my default gateway for all devices on the 192.168.2.0/24 subnet.

    There are some remote networks I need to reach via PPTP. Since pfSense cannot act as a PPTP client (or maybe I'm too dumb to figure out how to do it!), I have set up a Linux VM which is running a pptp client and does connection sharing and NAT via iptables. The VM is on 192.168.2.253, and one of the remote networks I'm connecting to via PPTP is on 10.20.30.0/24.

    I have set a static route on all PCs to send traffic to 10.20.30.0/24 via the 192.168.2.253 gateway, and this is working just fine...

    Now, I want to avoid having to configure the route on all LAN devices (there are 3 VPNs currently, so 3 routes per device), so I was wondering if I could do this using the pfSense instead.

    So far on pfSense I've been able to:

    • Create a gateway on the LAN interface, with IP 192.168.2.253
    • Add a static route for 10.20.30.0/24 with the above gateway

    I can ping devices on the 10.20.30.0/24 from the pfSense diagnostics page only… doing so from any other device on the LAN doesn't work. I suspect I need to force the pfSense to NAT the traffic to its inside IP address (192.168.2.254) before routing it via the pptp gateway (192.168.2.253).

    The only thing I could think of was to try adding a firewall rule on the LAN interface to do this (i.e. any traffic to 10.20.30.0/24 should use gateway 192.168.2.253), but that didn't work.

    Any thoughts?

    Once I can get one of the remote networks to connect, I'll just copy the configuration for the other two...

    Thanks!

    -Alex
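Added here as an illustration, not taken from Alex's post or from pfSense: the iptables rule set a Linux VM of the kind described above would typically carry to share one PPTP tunnel with the LAN, with forwarding limited to the LAN subnet and the tunnel's replies rather than a blanket accept. The LAN and remote addresses are the post's; the interface names eth0 and ppp0 and the sysctl/iptables invocations are assumptions about the VM.

```shell
#!/bin/sh
# Added example (not from the original post): NAT/forwarding rules for a
# Linux VM that is a PPTP client and shares the tunnel with the LAN.
# Interface names are assumptions: LAN on eth0, PPTP tunnel on ppp0.
# Rules are only printed unless APPLY=1 is set, so they can be reviewed first.
LAN_NET="192.168.2.0/24"      # LAN subnet from the post
VPN_NET="10.20.30.0/24"       # remote network behind the tunnel, from the post
LAN_IF="${LAN_IF:-eth0}"      # assumption
VPN_IF="${VPN_IF:-ppp0}"      # assumption

# run_cmd: print the command; execute it only when APPLY=1.
run_cmd() {
    echo "$*"
    [ "${APPLY:-0}" = "1" ] && "$@"
    return 0
}

# vpn_share_rules: forward only LAN -> VPN subnet (and the replies back),
# and source-NAT that traffic to the tunnel address so the remote side
# can answer without knowing a route to 192.168.2.0/24.
vpn_share_rules() {
    run_cmd sysctl -w net.ipv4.ip_forward=1
    run_cmd iptables -P FORWARD DROP
    run_cmd iptables -A FORWARD -i "$LAN_IF" -o "$VPN_IF" \
        -s "$LAN_NET" -d "$VPN_NET" -j ACCEPT
    run_cmd iptables -A FORWARD -i "$VPN_IF" -o "$LAN_IF" \
        -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    run_cmd iptables -t nat -A POSTROUTING -o "$VPN_IF" \
        -s "$LAN_NET" -d "$VPN_NET" -j MASQUERADE
}

vpn_share_rules
```

With the FORWARD policy at DROP, each additional VPN subnet needs its own copy of the LAN-to-VPN ACCEPT and MASQUERADE rules; these rules change nothing on the pfSense side.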
