Netgate Discussion Forum

    Client can't ping a server on a different gateway

      gorilly

      Hi

      Sorry if this has been asked a thousand times before.

      I have a network with 2 servers; the servers are on different gateways (one pfSense, one Netgear router) as they both need different WAN connections.

      I have a VPN client connecting to OpenVPN on pfSense. I can connect to the server which has pfSense as its gateway, but I can't ping or reach the server which is on the same network but connected to a different gateway.

      I've done a really rough diagram which explains the set up.

      I'm hoping someone can talk me through this - I am assuming I need to add a static route, but I'm not sure what I should be adding?

      The client can ping and get to the application server (because pfSense is its gateway), but it can't ping or reach the terminal server because its gateway is the Netgear router.

      Thanks

        johnpoz LAYER 8 Global Moderator

        What I would suggest is get rid of the Netgear. Why can you not just put both connections into pfSense? Now you get the advantage of load balancing, failover, etc.

        That design is broken out of the gate.

        An intelligent man is sometimes forced to be drunk to spend time with his fools
        If you get confused: Listen to the Music Play
        Please don't Chat/PM me for help, unless mod related
        SG-4860 25.07 | Lab VMs 2.8, 25.07

          gorilly

          Thanks for the reply, but there is more of a back story to this, which is the reason for this setup.

          The Netgear is owned by another company and the current pfSense box only has 2 NICs.

          I am currently waiting on the username and password for the Netgear so I can grab the DHCP reservations, which I should have within 2 weeks' time, along with another NIC. This is also a production network - not a home network - and I have a maintenance window for this work to happen. Lastly, the office is about 275 miles away and the staff will not touch the box!

          This was thrown on the end of the network as a temporary VPN solution to get the clients through the next two weeks and avoid using Hamachi.

          So yes, I get what you are saying, but sadly life isn't always that simple.

            johnpoz LAYER 8 Global Moderator

            Then you could create a static route on the box you're trying to get to, so that it knows to talk to pfSense when talked to from an OpenVPN client. Need to create a route for your VPN clients' network pointing to the pfSense LAN IP.

            The other way you could do it is to NAT it at pfSense, so that VPN clients look like they are the pfSense LAN IP - but this is a bit more complicated.

            The correct solution, though, is to have pfSense be the endpoint of both of these connections - or just get rid of one of the connections, etc.

            An intelligent man is sometimes forced to be drunk to spend time with his fools
            If you get confused: Listen to the Music Play
            Please don't Chat/PM me for help, unless mod related
            SG-4860 25.07 | Lab VMs 2.8, 25.07
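
The return-path problem discussed in this thread, as an added example that is not part of any post: it models each server's routing decision for the reply to a VPN client and shows how the static route and the NAT option change where that reply goes. The thread gives no addresses, so every IP, subnet and function name below is a constructed assumption.

```python
import ipaddress

# Constructed addressing: the thread gives no IPs, so all of these are assumptions.
LAN = "192.168.1.0/24"
PFSENSE_LAN_IP = "192.168.1.1"      # gateway of the application server
NETGEAR_LAN_IP = "192.168.1.254"    # gateway of the terminal server
VPN_TUNNEL_NET = "10.8.0.0/24"      # OpenVPN client (tunnel) network
VPN_CLIENT = "10.8.0.6"
ON_LINK = "on-link"                 # destination is on the local subnet

def server_routes(default_gw, static=()):
    """Routing table of a LAN server: connected subnet, default route, extras."""
    return [(LAN, ON_LINK), ("0.0.0.0/0", default_gw), *static]

def next_hop(routes, dst):
    """Longest-prefix match, as a host's IP stack does when sending a reply."""
    addr = ipaddress.ip_address(dst)
    hits = [(ipaddress.ip_network(net), gw) for net, gw in routes
            if addr in ipaddress.ip_network(net)]
    return max(hits, key=lambda h: h[0].prefixlen)[1] if hits else None

def reply_reaches_pfsense(routes, src_seen):
    """True if the reply to src_seen is handed to pfSense.

    src_seen is the source address the server sees: the tunnel address
    normally, or the pfSense LAN IP when pfSense NATs the VPN traffic.
    """
    hop = next_hop(routes, src_seen)
    if hop == ON_LINK:
        return src_seen == PFSENSE_LAN_IP   # delivered straight to pfSense
    return hop == PFSENSE_LAN_IP

def scenarios():
    app = server_routes(PFSENSE_LAN_IP)
    term = server_routes(NETGEAR_LAN_IP)
    term_fixed = server_routes(NETGEAR_LAN_IP, [(VPN_TUNNEL_NET, PFSENSE_LAN_IP)])
    return {
        "application server": reply_reaches_pfsense(app, VPN_CLIENT),
        "terminal server, as built": reply_reaches_pfsense(term, VPN_CLIENT),
        "terminal server, static route": reply_reaches_pfsense(term_fixed, VPN_CLIENT),
        "terminal server, NAT at pfSense": reply_reaches_pfsense(term, PFSENSE_LAN_IP),
    }

if __name__ == "__main__":
    for name, ok in scenarios().items():
        print(f"{name:34} reply returns via pfSense: {ok}")
```

In the as-built case the request arrives at the terminal server, but its reply follows the default route to the Netgear, which knows nothing about the tunnel network.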
            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.