Netgate Discussion Forum
    Routing Help

    OpenVPN | 2 Posts, 2 Posters, 1.0k Views
    ozzbrian

      First time posting in the pfSense forum, long-time user of pfSense.

      Not sure if this is possible. I have a pfSense firewall and want to start to evaluate SoftEther VPN server. I have built a separate server running Ubuntu 14.04 and installed SoftEther. I'm not really positive how to route the site LAN traffic to the SoftEther device via pfSense to connect to site B. The goal is to have a site-to-site VPN connection, 192 network to 10.0.3 network. I have done this using OpenVPN with pfSense as the gateway in the past.

      Currently I have a single pfSense firewall with DMZ, LAN and WAN interfaces. I was planning on putting the SoftEther server on the DMZ interface.

      pfSense and SoftEther are running virtualised in ESXi.

      Site A Private Subnets
      LAN 192.168.1.0/25
      DMZ 172.16.5.0/25

      Site B Private Subnets
      LAN 10.0.2.0/25
      DMZ 10.0.3.0/25

      Any help would be great

      Brian

      phil.davis

        When defining the tunnel, make sure to put all the relevant networks at each end into the Local Network/s and Remote Network/s boxes on the webGUI. Then routes across the tunnel will appear when the tunnel comes up.
        Put pass rules on each end of the tunnel to allow the incoming traffic from the other end.
        Put pass rules in the local subnets' firewall rules to pass the traffic for the other end without putting it to any gateway or gateway group. That way this internal private network traffic will be handed directly to the ordinary routing table.

        (If you have multi-WAN and thus have rules that feed lots of public internet traffic into various gateways or gateway groups, then the pass rules for the internal OpenVPN traffic need to come before all that - you do not want to accidentally push your internal traffic out some gateway to the public internet.)

        As the Greek philosopher Isosceles used to say, "There are 3 sides to every triangle."
        If I helped you, then help someone else - buy someone a gift from the INF catalog http://secure.inf.org/gifts/usd/

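The rule layout phil.davis describes, written out as the pf rules pfSense would generate from the webGUI, as an added illustration that is not part of either post. It uses the subnets from the question; the interface names (em0, em1), the OpenVPN server instance interface (ovpns1) and the WAN gateway address are assumptions, and the tables are constructed for the example. In pfSense the rules are managed from the GUI, so this is for reading the ordering, not for pasting into the box.

```pf
# Constructed example of the ordering phil.davis describes. Interface names
# and the WAN gateway are assumed, not taken from either poster's setup.
lan_if = "em1"
wan_if = "em0"
wan_gw = "203.0.113.1"         # placeholder WAN gateway (documentation range)
vpn_if = "ovpns1"              # pfSense OpenVPN server instance 1

# Site A and site B networks from the question
table <siteA> { 192.168.1.0/25, 172.16.5.0/25 }
table <siteB> { 10.0.2.0/25, 10.0.3.0/25 }

# 1. On the tunnel interface: admit traffic arriving from the other end.
#    These are the "pass rules on each end of the tunnel".
pass in quick on $vpn_if inet from <siteB> to <siteA> keep state

# 2. On the LAN: pass traffic bound for site B with NO route-to. It falls
#    through to the system routing table, where the routes OpenVPN added for
#    the Remote Network/s send it into the tunnel.
pass in quick on $lan_if inet from <siteA> to <siteB> keep state

# 3. Only after that come the multi-WAN policy-routing rules. pf evaluates
#    rules top-down and "quick" stops at the first match, so if rule 3 sat
#    above rule 2 the site B traffic would match "to any" and be pushed out
#    the WAN gateway instead of into the tunnel.
pass in quick on $lan_if inet from <siteA> to any route-to ($wan_if $wan_gw) keep state
```

A quick check after the tunnel is up: `netstat -rn` on the pfSense box should list 10.0.2.0/25 and 10.0.3.0/25 with the ovpns1 interface, and Status > System Logs > Firewall should show site B traffic matching the rule without a gateway rather than the route-to rule.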
        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.