You should not have to route anything manually. Your data center or ISP routes the /25 to 212.168.31.130. In essence, packets are sent there for you. PfSense then "knows" the LAN side is the /25 and sends them to the LAN.

--

Steve Yates
ITS, Inc.

-----Original Message-----
From: List [mailto:[email protected]] On Behalf Of Daniel Eschner
Sent: Tuesday, May 10, 2016 3:13 PM
To: pfSense Support and Discussion Mailing List <[email protected]>
Subject: Re: [pfSense] Routing Issue

Let me try to explain it completely ;)

I configured something like that in my first router. I think CARP etc. is not the problem here:

WAN (wan)      -> igb0 -> v4: 212.168.31.131/29
FCSE_PUB (lan) -> igb1 -> v4: 212.168.31.2/25
HA_SYNC (opt1) -> igb3 -> v4: 10.0.0.1/24

The /29 network is just a transfer net for the /25 subnet. So I have to route the /25 through the /29. In my case it should be the .130 (CARP IP).

I configured the OpenVPN server to listen on one IP from the /25 network (.1 CARP IP).
VPN clients get an IP from the 10.0.1.0/24 network - that should be fine anyway.

Connection etc. is working, but when I make connections through the VPN I will always see the IP from the WAN interface. But the /25 are public IPs, so I want to have the (.1 CARP IP) show on remote servers like google.com and so on.

In Linux I can just set up the next hop like:

    ip r a 212.168.31.2/25 via 212.168.31.130 dev igb0

When I set the route with

    route add 212.168.31.0/25 212.168.31.130

I am not able to reach anything.

NAT is not needed, I think, because we use public IPs. So that's the reason why I am confused.

traceroute -i igb1 web.de
traceroute: Warning: web.de has multiple addresses; using 82.165.229.138
traceroute to web.de (82.165.229.138), 64 hops max, 40 byte packets
 1  * * *
 2  * * *

On the Router-Site from my ISP all traffic to the /25 is routed to the .130 on my site.

> On 10.05.2016 at 21:57, Steve Yates <[email protected]> wrote:
>
> I'm a bit confused whether the /25 is your LAN subnet or another interface.
> The OpenVPN tunnel network has to be a subnet that is on no other interfaces
> including the remote PC's LAN. For example we have our data center using a
> /29 for WAN, a /25 for LAN, 10.20.1.0/24 for PFSYNC, and 192.168.199.0/24 for
> OpenVPN. 192.168.199.0/24 is just used to route packets from the remote PC
> to behind the router.
>
> You wrote "/130" for the CARP WAN alias...I'm assuming that's a typo and
> should be "/29" like the others.
>
> --
>
> Steve Yates
> ITS, Inc.
>
> -----Original Message-----
> From: List [mailto:[email protected]] On Behalf Of Daniel Eschner
> Sent: Tuesday, May 10, 2016 2:32 PM
> To: [email protected]
> Subject: [pfSense] Routing Issue
>
> Hi there,
>
> I am trying to configure 2 pfSense firewalls with the following setup:
>
> My ISP gave me a /29 as transfer network. I set up the IPs as follows:
>
> x.x.x.131/29 PF1
> x.x.x.132/29 PF2
> x.x.x.130/130 CARP Interface (Redundant)
>
> After that I added x.x.x.2/25 to another interface and also created
> a CARP interface with IP 1 (default gateway for clients).
>
> Now I want to route the /25 through the .130 IP, for example so that OpenVPN
> has the IP from the /25 network.
> When I establish a VPN connection it always shows me the IP .131.
>
> Can it be changed, for example change Outbound NAT or so, that the .1 is shown
> in the interface?
> All IPs are public IPs.
>
> Hope you understand what I mean ;)
>
> Cheers
>
> Daniel
> _______________________________________________
> pfSense mailing list
> https://lists.pfsense.org/mailman/listinfo/list
> Support the project with Gold! https://pfsense.org/gold
