pfSense and site-to-site fiber links



  • Site one has subnets of

    10.10.10.0/24
    10.10.20.0/24

    Site two has

    10.20.10.0/24
    10.20.20.0/24

    Site three has

    10.30.10.0/24
    10.30.20.0/24

    Sites one, two and three have (1) 1GB fiber links to all sites.

    Each site has VLANs 10 (Data) and 20 (Voice).

    How do I configure pfSense to route traffic over the fiber links for DHCP, etc. but still use the same VLANs?

    I have Layer 3 switches at all sites currently, with IPsec tunnels connecting all sites together.

    Also site 1 will have the main internet connection. So I would need to share that connection with all other buildings.





  • I already have IPsec tunnels set up over the internet. We are getting 1GB fiber links installed. How would I configure pfSense to route over those links?


  • Netgate

    Huh?



  • You don't need to do much. Just assign the correct VLANs to the right interfaces and add firewall rules.

    The site with internet would need some manual NAT rules for the subnets of the other sites.

    The sites without WAN need a manual gateway towards the WAN site to be used as the default gateway.

    Don't do NAT on the fiber links!
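
The layout described in the reply above, worked through as an added example (not part of the original thread and not pfSense code): it derives each site's static routes, default gateway and outbound NAT sources from the first post's subnets. The /30 transit subnets in 172.16.x.x, the interface label `WAN` and all function names are assumptions made for illustration.

```python
import ipaddress
from itertools import combinations

# LAN subnets are from the first post; site1 holds the shared internet connection.
SITES = {
    "site1": {"lans": ["10.10.10.0/24", "10.10.20.0/24"], "wan": True},
    "site2": {"lans": ["10.20.10.0/24", "10.20.20.0/24"], "wan": False},
    "site3": {"lans": ["10.30.10.0/24", "10.30.20.0/24"], "wan": False},
}
# Constructed /30 transit subnets, one per fiber link (assumption, not from the thread).
LINKS = {
    ("site1", "site2"): "172.16.12.0/30",
    ("site1", "site3"): "172.16.13.0/30",
    ("site2", "site3"): "172.16.23.0/30",
}

def link_ip(site, peer):
    """Address of `site` on its fiber link to `peer` (lower-named site gets the first host)."""
    pair = tuple(sorted((site, peer)))
    hosts = list(ipaddress.ip_network(LINKS[pair]).hosts())
    return str(hosts[pair.index(site)])

def check_overlaps():
    """Return every pair of LAN/transit subnets that overlap; routing needs this to be empty."""
    nets = [ipaddress.ip_network(n) for s in SITES.values() for n in s["lans"]]
    nets += [ipaddress.ip_network(n) for n in LINKS.values()]
    return [(str(a), str(b)) for a, b in combinations(nets, 2) if a.overlaps(b)]

def build_plan():
    """Per-site static routes, default gateway and outbound NAT sources (hypothetical helper)."""
    if check_overlaps():
        raise ValueError(f"overlapping subnets: {check_overlaps()}")
    wan_site = next(name for name, s in SITES.items() if s["wan"])
    plan = {}
    for name, site in SITES.items():
        # Remote LANs are reached via the peer's address on the direct fiber link.
        routes = {lan: link_ip(peer, name)
                  for peer, p in SITES.items() if peer != name for lan in p["lans"]}
        entry = {"static_routes": routes, "nat_interfaces": []}  # never NAT on fiber
        if site["wan"]:
            # Only the internet site translates, on WAN, for local and remote LANs.
            entry["nat_interfaces"] = ["WAN"]
            entry["outbound_nat_sources"] = [l for p in SITES.values() for l in p["lans"]]
        else:
            entry["default_gateway"] = link_ip(wan_site, name)
        plan[name] = entry
    return plan

if __name__ == "__main__":
    for name, entry in build_plan().items():
        print(name, entry)
```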



  • Each site has their own internet.

    Site one is

    192.168.0.0/24 management vlan 1

    10.10.10.0/24 vlan 10 Wired machines

    10.10.20.0/24 VOICE

    10.10.30.0/24 Printers

    10.10.50.0/24 Guest Wireless

    SITE 2

    10.33.217.0/24 management vlan 1

    10.50.10.0/24 vlan 10 Wired machines

    10.50.20.0/24 VOICE

    10.50.30.0/24 Printers

    10.50.50.0/24 Guest Wireless

    I currently have IPsec tunnels set up via pfSense at 3 sites, but site 1 and 2 have fiber between them.

    I thought that if I created say VLAN 600 as a VLAN on pfSense and passed VLAN 600 the trunk port on site 1 and then site 2 only trunk VLAN 600.



  • Also site 1 will have the main internet connection. So I would need to share that connection with all other buildings

    This sentence conflicts with what you have stated, that each location has their own internet... unless you mean the internet is only used for the IPsec p2p tunnel?

    Are they 3 different buildings or 3 different locations?

    Why don't you want each location to provide DHCP for those locations and instead get DHCP from main?  I think you will need to use DHCP helper to accomplish that.  Personally I would not want to as based on what you said each will have their own internet.  If DHCP is being handled by main and tunnel goes down, all devices at remote site will be unable to get IP.



  • Sorry for the confusion… I have two sites as stated above. Each site has their own 100/100 fiber internet connection. There is a 1GB fiber link between sites. I need site 1 to be able to access site 2 over the fiber. All VLANs 10, 20, 30, 40, 50 are at each site on different subnets (currently I am using IPsec tunnels over the internet).

    What will be the best way to make the two sites route traffic over the fiber?

    I created VLAN 224 at site 1, IP 10.0.0.253/24, on pfSense and trunked the VLAN on the port from pfSense to the switch, and on the switch port that connects the fiber to the other building. At the other site I did the same with VLAN 225 and interface IP 10.0.0.2/24.

    Do I need to create routes on the switch or just on pfSense?