    Sorry if this has been asked a thousand times before.

    I have a network with 2 servers; the servers are on different gateways (one pfSense, one Netgear router), as they need different WAN connections.

    I have a VPN client connecting to OpenVPN on pfSense. I can connect to the server which has pfSense as its gateway, but I can't ping or reach the server which is on the same network but connected to a different gateway.

    I've done a really rough diagram which explains the setup.

    I'm hoping someone can talk me through this. I am assuming I need to add a static route, but I'm not sure what I should be adding.

    The client can ping and get to the application server (because pfSense is its gateway), but it can't ping or reach the terminal server because its gateway is the Netgear router.


    What I would suggest is get rid of the Netgear; why can you not just put both connections into pfSense? Now you get the advantage of load balancing, failover, etc.

    That design is broken out of the gate.

  • Thanks for the reply, but there is more of a back story to this, which is the reason for this setup.

    The Netgear is owned by another company and the current pfSense box only has 2 NICs.

    I am currently waiting on the username and password for the Netgear so I can grab the DHCP reservations, which I should have within 2 weeks' time, along with another NIC. This is also a production network, not a home network, and I have a maintenance window for this work to happen. Lastly, the office is about 275 miles away and the staff will not touch the box!

    This was thrown on the end of the network as a temporary VPN solution to get the clients through the next two weeks and avoid using Hamachi.

    So yes, I get what you are saying, but sadly life isn't always that simple.

    Then you could create a static route on the box you're trying to get to, so that it knows to talk to pfSense when talked to from an OpenVPN client. You need to create a route for your VPN clients' network pointing to the pfSense LAN IP.

    The other way you could do it is to NAT it in pfSense, so that VPN clients look like they are the pfSense LAN IP, but this is a bit more complicated.

    The correct solution, though, is to have pfSense be the endpoint of both of these connections, or just get rid of one of the connections, etc.
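
Added example, not part of the thread: a small longest-prefix-match model of the terminal server's routing table, showing where its replies to a VPN client go before the static route, after it, and when pfSense NATs the VPN traffic instead. The thread gives no addresses, so every subnet and IP below is constructed.

```python
import ipaddress

# Constructed addressing (assumptions; the thread gives none).
LAN = "192.168.1.0/24"
PFSENSE_LAN_IP = "192.168.1.1"     # gateway of the application server
NETGEAR_LAN_IP = "192.168.1.254"   # default gateway of the terminal server
VPN_TUNNEL_NET = "10.8.0.0/24"     # OpenVPN client network
VPN_CLIENT = "10.8.0.6"

def next_hop(routes, dst):
    """Longest-prefix match over (cidr, gateway) pairs; gateway None = on-link."""
    dst = ipaddress.ip_address(dst)
    best = None
    for cidr, gateway in routes:
        net = ipaddress.ip_network(cidr)
        if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, gateway)
    if best is None:
        raise LookupError(f"no route to {dst}")
    return best[1] if best[1] is not None else "on-link"

def terminal_server_routes(with_static_route):
    """Routing table of the server whose default gateway is the Netgear."""
    routes = [(LAN, None), ("0.0.0.0/0", NETGEAR_LAN_IP)]
    if with_static_route:
        # The suggested fix: VPN client network via the pfSense LAN IP.
        routes.append((VPN_TUNNEL_NET, PFSENSE_LAN_IP))
    return routes

def reply_returns_via_pfsense(routes, source_seen_by_server):
    """True if the server's reply is handed to pfSense, which owns the tunnel."""
    hop = next_hop(routes, source_seen_by_server)
    if hop == "on-link":
        # Delivered directly on the LAN; only reaches pfSense if addressed to it.
        return source_seen_by_server == PFSENSE_LAN_IP
    return hop == PFSENSE_LAN_IP

if __name__ == "__main__":
    cases = [
        ("no static route", terminal_server_routes(False), VPN_CLIENT),
        ("static route added", terminal_server_routes(True), VPN_CLIENT),
        # NAT alternative: the server sees pfSense's LAN IP as the source.
        ("NAT on pfSense", terminal_server_routes(False), PFSENSE_LAN_IP),
    ]
    for label, routes, src in cases:
        ok = reply_returns_via_pfsense(routes, src)
        print(f"{label:20} reply to {src:13} via {next_hop(routes, src):14} "
              f"{'reaches client' if ok else 'lost (asymmetric path)'}")
```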

