Routing Help



  • First time posting in the pfSense forum, long-time user of pfSense.

    Not sure if this is possible. I have a pfSense firewall and want to start to evaluate SoftEther VPN Server. I have built a separate server running Ubuntu 14.04 and installed SoftEther. I’m not really positive how to route the site LAN traffic to the SoftEther device via pfSense to connect to site B. The goal is to have a site-to-site VPN connection, 192 network to 10.0.3 network. I have done this using OpenVPN with pfSense as the gateway in the past.

    Currently I have a single pfSense firewall with DMZ, LAN and WAN interfaces. I was planning on putting the SoftEther server on the DMZ interface.

    pfSense and SoftEther are running virtualized in ESXi.

    Site A Private Subnets
    LAN 192.168.1.0/25
    DMZ 172.16.5.0/25

    Site B Private Subnets
    LAN 10.0.2.0/25
    DMZ 10.0.3.0/25

    Any help would be great.

    Brian



  • When defining the tunnel, make sure to put all the relevant networks at each end into the Local Network(s) and Remote Network(s) boxes on the webGUI. Then routes across the tunnel will appear when the tunnel comes up.
    Put pass rules on each end of the tunnel to allow the incoming traffic from the other end.
    Put pass rules in the local subnets' firewall rules to pass the traffic for the other end without assigning it to any gateway or gateway group. That way this internal private network traffic will be handed directly to the ordinary routing table.

    (If you have multi-WAN and thus have rules that feed lots of public internet traffic into various gateways or gateway groups, then the pass rules for the internal OpenVPN traffic need to come before all that - you do not want to accidentally push your internal traffic out some gateway to the public internet.)
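    As an added illustration of the rule ordering described in the reply above (not part of the original thread), here is a pf-style fragment of the kind pfSense generates for the Site A LAN and tunnel interfaces. The interface names, the tunnel interface, the WAN gateway address and the multi-WAN policy-routing rule are assumptions; the subnets are the ones Brian listed.

    ```pf
    # Constructed example: pfSense-style pf rules for Site A.
    # Interface and gateway macros are assumptions, not values from the thread.
    lan_if   = "em1"
    wan_if   = "em0"
    tun_if   = "ovpns1"           # assumed tunnel interface
    wan_gw   = "203.0.113.1"      # placeholder WAN gateway (documentation range)
    lan_net  = "192.168.1.0/25"
    site_b   = "{ 10.0.2.0/25, 10.0.3.0/25 }"

    # 1. Site-to-site traffic first, with NO route-to. Without a gateway the
    #    packet is handed to the ordinary routing table, where the route the
    #    tunnel installed for 10.0.2.0/25 and 10.0.3.0/25 is used.
    pass in quick on $lan_if inet from $lan_net to $site_b keep state

    # 2. Only after that may a multi-WAN policy-routing rule push the remaining
    #    LAN traffic to a specific gateway. If this rule were evaluated first,
    #    its route-to would send the Site B traffic out the WAN instead of
    #    through the tunnel (the failure mode the reply warns about).
    pass in quick on $lan_if route-to ($wan_if $wan_gw) inet \
        from $lan_net to any keep state

    # 3. On the tunnel interface, pass what arrives from the other end.
    pass in quick on $tun_if inet from $site_b to $lan_net keep state
    ```

    In the pfSense webGUI, rule 1 corresponds to a LAN pass rule whose Gateway field is left at the default, and rule 2 to one with a gateway or gateway group selected; the first must be listed above the second.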