FWIW, I was having similar problems crossing LANs on a 2-LAN/5-WAN (1 real/4 VIPs) setup and ended up solving it using NAT (pfSense v2.1 release).
The setup is using "Pure NAT" (in System -> Advanced -> Firewall/NAT) along with Manual Outbound NAT rules and what I had to do was NAT from LAN to LAN -- specifically, in Outbound NAT:

    LAN1  LAN2  *  *  *  LAN1 address  *  NO  "NAT LAN2 to LAN1"
    LAN2  LAN1  *  *  *  LAN2 address  *  NO  "NAT LAN1 to LAN2"

(aliases are defined to abstract both LAN1 and LAN2 and the "LANx address" is the usual "Interface Address" setting)

I still don't understand why routing doesn't take care of it and why NAT is required for certain things to work, but this was the only way I could get it to work in my setup. Of course, I'd like to be "educated" if someone has an answer.

Bryan D.
http://www.derman.com/

On 2014-Feb-26, at 11:41 AM, Muhammad Yousuf Khan <[email protected]> wrote:

> i am using two instances, one on port 1194 and one on 1196
> 1194 is preshared for dd-wrt working fine. tunnel subnet is 10.3.3.0/24.
>
> 1196 is remote access for road warriors. tunnel subnet is 10.4.4.0/24
>
> i want both my VPN segments to use my headoffice LAN and can also connect
> to each other as hub and spoke.
>
>
> both VPN properly setup and working fine. i can access pfSense LAN segment
> from remote site and from road warrior both. however when i try to access
> 10.3.3.0/24 from 10.4.4.0/24 clients it does not reach
>
> i know you might be saying it is a routing issue. however further analysis
> says something else.
>
> my dd-wrt can reach 10.4.4.1 (pfSense interface) after i define the static
> route in dd-wrt router.
> but my dd-wrt router can not reach 10.4.4.10 (which is an ip of my road
> warrior windows laptop) and at the same time my laptop can reach 10.4.4.1
> and LAN segment also. but can not reach 10.3.3.1 (which is pfSense
> interface).
>
>
> i set a route for 10.3.3.0/24 with gateway of 10.4.4.1 in windows laptop
> but still i can not reach the 10.3.3.1
>
> ...
