Netgate Discussion Forum

    2 WAN - 1 for VPNs, 1 for Internet

      cconk01

      Hello all,
      I just set up my first pfSense, got a couple of VLANs going and whatnot. Currently I have 3 site-to-site VPNs set up. I would like to put the pfSense box in place of one of the Netgear firewalls and start using it. Thing is, I have one PPPoE (DSL) connection and one DHCP (cable) connection. How can I set up the pfSense box to have the VPNs travel across the DSL only, and have the internet traffic flow across the cable connection?

      I am running 1.2 RC4.
      WAN is PPPoE - Dynamic
      Opt 1 is DHCP - Dynamic

      Thanks in advance,
      Peter

      PS: I look forward to playing around with this firewall :-)

        hoba

        When creating the tunnel you can assign the interface that the tunnel gets terminated on. However, this won't work reliably with dynamic endpoints. Depending on the opposite end of the tunnel, this might work when using DynDNS or if the opposite end is static. For the internet traffic on opt1 this is pretty simple. Just create a firewall rule at Firewall > Rules, opt1:

        pass, any protocol, any source, any destination, gateway opt1

        That's basically it. However, to not route the subnets behind the VPN tunnels directly to the opt1 gateway before it can hit the IPsec daemon, create a firewall rule above that rule, like:

        pass, any protocol, any source, destination <vpn subnets>, gateway default.

        Basically that's it.
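
An added example, not part of the original posts and not pfSense code: a small first-match model of the two rules described above, showing that traffic to the VPN subnets is handed to the opt1 gateway if the catch-all rule sits on top. The subnet values are constructed, and the names `rule`, `select_gateway` and `leaks` are hypothetical helpers.

```python
import ipaddress

# Constructed sample values (assumptions, not taken from the thread).
VPN_SUBNETS = ["10.10.0.0/16", "192.168.50.0/24"]  # remote site-to-site networks

def rule(dst, gateway):
    """One pass rule: any protocol, any source, given destination and gateway."""
    return {"dst": ipaddress.ip_network(dst), "gateway": gateway}

# Order given in the post: VPN subnets via the default gateway first, catch-all second.
CORRECT_ORDER = [rule(n, "default") for n in VPN_SUBNETS] + [rule("0.0.0.0/0", "opt1")]
# The same rules with the catch-all on top.
WRONG_ORDER = [rule("0.0.0.0/0", "opt1")] + [rule(n, "default") for n in VPN_SUBNETS]

def select_gateway(rules, dst_ip):
    """Return the gateway of the first rule matching dst_ip (first match wins)."""
    addr = ipaddress.ip_address(dst_ip)
    for r in rules:
        if addr in r["dst"]:
            return r["gateway"]
    return None  # nothing matched: the packet is not passed

def leaks(rules, vpn_subnets=VPN_SUBNETS):
    """List VPN subnets that an earlier non-default-gateway rule catches,
    even partially, before a default-gateway rule covers them."""
    bad = []
    for net in map(ipaddress.ip_network, vpn_subnets):
        for r in rules:
            if not net.overlaps(r["dst"]):
                continue
            if r["gateway"] != "default":
                bad.append(str(net))  # policy-routed out opt1 instead of IPsec
                break
            if net.subnet_of(r["dst"]):
                break  # fully covered by a default-gateway rule first
    return bad

if __name__ == "__main__":
    for name, rules in (("correct", CORRECT_ORDER), ("wrong", WRONG_ORDER)):
        print(name, "->", leaks(rules) or "no VPN subnet bypasses IPsec")
```
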

          cconk01

          So DynDNS accounts will not work? Essentially, what I have right now are all using DynDNS accounts. Why will this cause problems?

            hoba

            It's not designed that way yet. Search the forum if you need further details. This has been discussed in depth already. When using dynamic endpoints at both ends, try using OpenVPN.
