Single NIC?!
  • I have a client who has a pfSense install used as an IPSec site-to-site VPN endpoint.  The pfSense install is on ESXi 5.5 - virtual guest.

    Whoever set this up confuses me.  pfS only has a single NIC defined as WAN (10.1.10.2).  There is an active IPSec connection between the local pfS and a remote SonicWALL (192.168.1.0/24).  Help me understand what is going on here.  How would a single NIC pfS work?

    The WAN rules are * (pass all).  How does this make sense?



  • You can route traffic in and out of the same NIC in that case. It tends to be an ugly design, and is kind of weird, but there is no requirement to have more than one NIC.



  • @cmb:

    You can route traffic in and out of the same NIC in that case. It tends to be an ugly design, and is kind of weird, but there is no requirement to have more than one NIC.

    Having a config like this - does it require some sort of weird setup with the IPSec VPN?  The tunnel is up but I'm not able to ping anything from either side.

    All the client PCs that are on the same LAN as the pfSense point to the ISP modem/router as the default gateway (10.1.10.1).  I would have expected to see the client PCs point to the pfS box (10.1.10.2) as their gateway.



  • There are routing complications, as that system isn't going to be the default gateway in such a config. You need a static route on whatever is the default gateway to send the IPsec network over to that system's WAN IP.
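As an added illustration (not part of the thread, and not pfSense code), the following Python model traces a packet through the three routing tables involved: the client PC, the ISP modem/router that is the PCs' default gateway, and the single-NIC pfSense box. It uses the addresses from the thread (10.1.10.1 gateway, 10.1.10.2 pfSense WAN, 192.168.1.0/24 behind the SonicWALL); the node names, the 10.1.10.50 test host and the assumption that the ISP router's default route simply leads to its uplink are constructed for the example. Toggling the static route on the ISP router shows why pings fail with the tunnel up, and the trace from the pfSense side shows return traffic being delivered out the same NIC it arrived on.

```python
import ipaddress

# Addresses from the thread: client PCs on 10.1.10.0/24 use the ISP
# modem/router 10.1.10.1 as default gateway; the single-NIC pfSense sits on the
# same segment as 10.1.10.2 and terminates the IPsec tunnel to the SonicWALL's
# LAN, 192.168.1.0/24. Node names and the 10.1.10.50 test host are constructed.
LOCAL_LAN = ipaddress.ip_network("10.1.10.0/24")
REMOTE_LAN = ipaddress.ip_network("192.168.1.0/24")
DEFAULT = ipaddress.ip_network("0.0.0.0/0")

# Terminal "next hops": the packet leaves the model here.
#   direct   - delivered on the 10.1.10.0/24 segment
#   internet - sent up the ISP uplink (an RFC 1918 destination dies there)
#   ipsec    - matched into the site-to-site tunnel
SINKS = {"direct", "internet", "ipsec"}


def lookup(table, dst):
    """Longest-prefix match over a list of (prefix, next_hop) entries."""
    dst = ipaddress.ip_address(dst)
    matches = [(prefix, nh) for prefix, nh in table if dst in prefix]
    if not matches:
        return None
    _, next_hop = max(matches, key=lambda m: m[0].prefixlen)
    return next_hop


def build_tables(static_route_on_isp):
    """Routing tables for the three boxes that share the 10.1.10.0/24 segment."""
    pc = [(DEFAULT, "isp"), (LOCAL_LAN, "direct")]
    isp = [(DEFAULT, "internet"), (LOCAL_LAN, "direct")]
    if static_route_on_isp:
        # The fix described in the thread: on the default gateway, route the
        # remote IPsec network to pfSense's WAN IP (10.1.10.2).
        isp.append((REMOTE_LAN, "pfsense"))
    # pfSense has one NIC, on 10.1.10.0/24. Traffic for the remote LAN is
    # matched into the tunnel; anything else goes back out to the ISP router.
    pfsense = [(DEFAULT, "isp"), (LOCAL_LAN, "direct"), (REMOTE_LAN, "ipsec")]
    return {"pc": pc, "isp": isp, "pfsense": pfsense}


def trace(src_node, dst, static_route_on_isp, max_hops=8):
    """Follow a packet hop by hop from src_node; returns the nodes visited."""
    tables = build_tables(static_route_on_isp)
    node, path = src_node, [src_node]
    for _ in range(max_hops):
        next_hop = lookup(tables[node], dst)
        path.append(next_hop)
        if next_hop is None or next_hop in SINKS:
            return path
        node = next_hop
    path.append("loop")
    return path


if __name__ == "__main__":
    remote_host = "192.168.1.10"   # constructed host behind the SonicWALL
    local_host = "10.1.10.50"      # constructed client PC on the local LAN
    print("PC -> remote, no static route: ", " -> ".join(trace("pc", remote_host, False)))
    print("PC -> remote, static route:    ", " -> ".join(trace("pc", remote_host, True)))
    print("tunnel -> PC (via pfSense):    ", " -> ".join(trace("pfsense", local_host, True)))
```

Without the static route the PC's ping follows its default route to 10.1.10.1, which sends it up the uplink; pfSense never sees it even though the tunnel is up. With the route in place the ISP router hands the packet back across the same segment to 10.1.10.2, and pfSense forwards it into the tunnel. Replies from the remote side arrive at pfSense out of the tunnel and are delivered straight onto 10.1.10.0/24 through its only NIC, which is the "in and out of the same NIC" behaviour described above.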