    Ok, after I put some thought into it I need to re-phrase what's going on.

    1. I want the Comtrend DSL router to handle DHCP in range
    2. LAN of the pfSense interface set to static (connected to the Comtrend)
    3. WAN interface on pfSense set to one of the public IP addresses (through the Comtrend)
    4. IPSec configured, can connect through the xxx.66 public address, can ping
    5. All remote clients in the IPSec range can see the LAN interface of pfSense
    6. pfSense itself can see both LAN clients in the range and IPSec clients; it also has access to the internet
    7. LAN clients connected to the Comtrend (192.168.1.0/24) can't see IPSec clients, and vice versa

    My Phase 2 is set to network, and I can see pfSense, so that's working OK. What's strange is that pfSense itself sees all users; just the end users can't see each other.

    I've tried setting the gateway on the pfSense LAN interface to (which is the Comtrend), but after that I can no longer connect via IPSec. It's all black magic to me why pfSense sees both networks fine but those networks can't see each other. I don't think this is a routing issue on the DSL router but on pfSense itself (probably both, since I would assume the DSL router will need to know the gateway to the IPSec subnet).

    It would probably be easier to use pfSense as the DHCP server and disable that completely on the DSL router, but I want to use pfSense as a VPN-only appliance.

    I'm very new to pfSense so I apologise for wrong terminology. This is very new to me.

    Goal: provide mobile access to the office LAN network.

    I have a small host running ESXi 6 with a couple of VMs. I would like to provide an IPSec tunnel from outside the office so I can access those VMs.
    The VM is configured properly with 2 NICs (one for LAN, one for WAN).

    The office network is , this is where all the VMs operate. pfSense was assigned a LAN IP.
    I'm using a DSL service with 6 static IPs through a Comtrend VI-3223u router.

    • The router has a static public address of, let's say,
    • pfSense connects to the router and has an assigned IP address on WAN
    • pfSense connects to the router and has an assigned LAN IP address

    I've managed to set up pfSense IPSec and can establish a tunnel. However, I can't access anything except pfSense itself.
    The remote client gets an IP range. So just assume it's

    When the connection is established I can see pfSense from the remote client (I can ping / access it).
    I can ssh into pfSense and through the shell I can ping other servers on the LAN and access them. I can also see the remote client from the pfSense end (I can ping it).

    However, the remote client doesn't see any LAN servers and, vice versa, the LAN servers do not see the network (can't ping, etc.).

    The Comtrend router, where I have both LAN and WAN plugged in, sets the local network as . I thought this could be an internal routing problem, but I'm not sure since I can clearly see all devices from the pfSense VM.

    Firewall rules are set to allow all traffic on IPSec. I have not set up any static routes; however, I tried a couple of configurations and nothing worked. For NAT I have the automatic settings there.

    This is a bit of a weird setup, as I want to use the Comtrend as the router, and pfSense is used to provide IPSec and properly lock down traffic there. I'm also considering using this as a firewall for the VMs if I ever decide to put them on the public IP range.

    I'm using pfSense 2.2.8.

    I'm usually stubborn enough to play with it as long as it takes to get it working by just trying different settings, but I'm out of options; apparently I need to refresh my networking knowledge a bit more.

    I would greatly appreciate any tips regarding this setup. Did anyone run into similar issues before?

  • Your clients in 192.168.1.x/24 have their default gateway set so that they send all traffic outside the LAN directly to the Comtrend DSL router.

    It can't work this way…
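As an added illustration of the point made in this reply (example code written for this edit, not from the poster or from pfSense), the Python below simulates longest-prefix routing hop by hop across the remote client, pfSense, a LAN server and the Comtrend. Every address except the 192.168.1.0/24 office LAN is an assumption: 10.0.8.0/24 for the IPsec client pool, 192.168.1.1 for the Comtrend, 192.168.1.2 for pfSense's LAN side, 192.168.1.50 for a VM. It shows why pfSense can reach both sides while a VM's reply to a VPN client is handed to the DSL router and on to the ISP, and that either a static route for the VPN pool (on the Comtrend or on each server) pointing at pfSense, or outbound NAT on pfSense's LAN interface for VPN sources, makes the round trip complete.

```python
import ipaddress

# Constructed topology with assumed addresses; only the 192.168.1.0/24 office LAN
# appears in the thread, every other value here is a placeholder.
LAN     = "192.168.1.0/24"
VPN     = "10.0.8.0/24"       # assumed mobile IPsec client pool (the Phase 2 network)
CLIENT  = "10.0.8.10"         # assumed remote IPsec client
SERVER  = "192.168.1.50"      # assumed VM on the office LAN
PFSENSE = "192.168.1.2"       # assumed pfSense LAN address
DSL     = "192.168.1.1"       # assumed Comtrend LAN address = the LAN hosts' default gateway

# Sentinel next hops.
ONLINK = "on-link"   # destination is on an attached network: deliver directly
TUNNEL = "ipsec"     # destination is behind the IPsec tunnel: deliver through it
ISP    = "isp"       # hand to the DSL provider, which drops private destinations

def base_tables():
    """Routing tables as the poster describes them: LAN hosts and the Comtrend
    know nothing about the VPN pool; only pfSense has a route to it."""
    return {
        CLIENT:  [(VPN, ONLINK), (LAN, PFSENSE)],                 # LAN traffic goes into the tunnel
        PFSENSE: [(LAN, ONLINK), (VPN, TUNNEL), ("0.0.0.0/0", ISP)],
        SERVER:  [(LAN, ONLINK), ("0.0.0.0/0", DSL)],              # default gateway = Comtrend
        DSL:     [(LAN, ONLINK), ("0.0.0.0/0", ISP)],
    }

def with_vpn_route_on_comtrend(tables):
    """Fix 1: a static route for the VPN pool on the DSL router, next hop pfSense."""
    t = {k: list(v) for k, v in tables.items()}
    t[DSL].append((VPN, PFSENSE))
    return t

def with_vpn_route_on_server(tables):
    """Fix 2: the same route on each LAN server (or point their default gateway at pfSense)."""
    t = {k: list(v) for k, v in tables.items()}
    t[SERVER].append((VPN, PFSENSE))
    return t

def lookup(table, dst):
    """Longest-prefix match; returns the next hop or None when no route matches."""
    addr, best = ipaddress.ip_address(dst), None
    for prefix, nh in table:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, nh)
    return best[1] if best else None

def trace(tables, src, dst, max_hops=8):
    """Forward one packet hop by hop; returns (path, outcome)."""
    node, path = src, [src]
    for _ in range(max_hops):
        nh = lookup(tables[node], dst)
        if nh is None:
            return path, "no route at " + node
        if nh in (ONLINK, TUNNEL):
            return path + [dst], "delivered"
        if nh == ISP:
            return path + [ISP], "dropped: private destination handed to the ISP"
        node = nh
        path.append(nh)
    return path, "forwarding loop"

def round_trip(tables, src, dst, nat_on_pfsense=False):
    """Outcome of a packet and of its reply. With nat_on_pfsense, traffic that
    crossed pfSense from the VPN to the LAN has its source rewritten to pfSense's
    LAN address (an outbound NAT rule on the LAN interface), so the reply is
    addressed to pfSense, which un-NATs it and sends it back through the tunnel."""
    fwd_path, fwd = trace(tables, src, dst)
    if fwd != "delivered":
        return fwd, "not attempted"
    if nat_on_pfsense and PFSENSE in fwd_path[1:-1]:
        _, leg1 = trace(tables, dst, PFSENSE)
        if leg1 != "delivered":
            return fwd, leg1
        _, leg2 = trace(tables, PFSENSE, src)
        return fwd, leg2
    _, rev = trace(tables, dst, src)
    return fwd, rev

if __name__ == "__main__":
    base = base_tables()
    print("pfSense -> VM          :", round_trip(base, PFSENSE, SERVER))
    print("pfSense -> VPN client  :", round_trip(base, PFSENSE, CLIENT))
    print("VPN client -> VM       :", round_trip(base, CLIENT, SERVER))
    print("  + route on Comtrend  :", round_trip(with_vpn_route_on_comtrend(base), CLIENT, SERVER))
    print("  + route on the VM    :", round_trip(with_vpn_route_on_server(base), CLIENT, SERVER))
    print("  + outbound NAT on LAN:", round_trip(base, CLIENT, SERVER, nat_on_pfsense=True))
```

The NAT variant is the one that needs no change on the Comtrend or on the VMs, at the cost of every VPN client appearing on the LAN as pfSense's own address; the static route keeps the real client source addresses visible to the servers, which matters if you want to filter or log by VPN client.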

