Hi!
One thing you may want to check on the client PCs, if they are Windows
machines, is the firewall setup: in Advanced/ICMP make sure "ICMP
Redirects" are allowed ... And if you have network printers, you may
want to set their gateways to the VPN box if they're to be addressed
from the remote place.
Another solution would be to put the VPN box on a separate pfSense
interface; in that way nothing needs to be done on the boxes.
Last but not least, can't that appliance be replaced by pfSense
functionality?
Cheers
Franck
On 12 Dec. 07, at 15:12, Steve Harman wrote:
Hi!
\\ pfSense v1.0.1
We’re having a VPN appliance thrust upon us by our newly acquired
(!) parent company, in order to provide site-to-site connectivity
between “us & them”.
To reach the parent company’s remote LANs at head-office I think I
need to add static routes on our pfSense box pointing to the locally
hosted VPN appliance which will then encrypt traffic destined to the
parent co’s network ranges?
Thus;
pfSense > Static Routes:
Interface   Network        Gateway
LAN         10.1.0.0/16    192.168.1.253
Where “LAN” is the name of one of our local interfaces, 10.1.0.0/16
the remote network and 192.168.1.253 the address of the VPN
appliance. Do people think I’m on the right track with all this?
In readiness for the VPN box arriving I’ve actually put some static
routes in place and attempted traceroute to an address on one of the
remote networks from a machine on our LAN interface which the static
route is set up on.
Strangely though the output from traceroute shows packets attempting
to leave the building via our standard ADSL feed like anything else
and not trying to go via 192.168.1.253 the address of the soon to be
added VPN box. Is that what people would expect? The machine I’m
trying to trace from is definitely on the pfSense interface called
“LAN” where I created the static route.
I’m confused…
Many thanks,
Steve
Steve Harman
Envisional
E-mail: [EMAIL PROTECTED]
Web: http://www.envisional.com
Tel: +44 (0) 1223 372 400
Fax: +44 (0) 1223 372 401
Franck Horlaville
IT Manager