1

I've asked a similar question previously but I am just now sure I am understanding what I need to do. My current set-up is as follows:

DC1[192.168.0.101]---RV082(A)[192.168.0.1]---[VPN]---RV082(B)[192.168.3.1]---pfSense[192.168.3.100]---DC2[192.168.1.2]

DC2 is able to connect to DC1 just fine using the private IP Address of 192.168.0.101. Of course this works because DC2 sends all traffic to pfSense as it's gateway and PFSense sends traffic to the local RV082B. There is a route because of the VPN.

The problem that we are experiencing is that the branch firewall has no knowledge of the subnet behind pfSense.

Somehow we need to add a route from the branch firewall so that it knows where to send traffic.

We basically just want to be able to ping, RDP, etc to 192.168.1.2 and DC2 being the recipient (there are actually other nodes besides DC2). Its a challenge now that we have pfSense in the way. Its almost as if we have two firewalls. We don't know what to do because we really installed pfSense just for its captive portal capabilities.

Would configuring our pfSense box/router as a transparent bridge assist with this? I basically want a way to make pfSense disappear on the network so that when our VPN users ping or connect to a specified address, it can let the traffic pass to the correct node.

Community
  • 1
Sean
  • 313
  • 2
  • 8
  • 19

1 Answers1

1

If you're keeping the hosts behind pfSense on 192.168.1.0/24 then you can't make it a transparent bridge as it has to route to and from that network. You could bridge if LAN and WAN were on the same subnet. The VPN needs the additional route for that subnet via an additional phase 2 (how Linksys refers to that in its GUI I don't recall offhand), you need a static route on RV082(B) for the 192.168.1.0/24 network, and to disable NAT on pfSense.

Chris Buechler
  • 2,998
  • 14
  • 18