Hi Klaus,
Thanks for the initial assistance. I have now added an interface into each
pfSense box to use for this link. Just because the rest of my subnets are /24
I have added the same to these two cards.
So in
10.0.0.0/24 (Site A) I have added a new interface with 10.0.9.1 and from my
pfSense box and all my workstation boxes I can ping 10.0.9.1
10.0.2.0/24 (Site B) I have added a new interface with 10.0.9.2 and from my
pfSense box and all my workstation boxes I can ping 10.0.9.2
From
10.0.0.254 I can ping 10.0.9.1 but not 10.0.9.2
10.0.2.254 I can ping 10.0.9.2 but not 10.0.9.1
Even without any routes being created I figure from 10.0.9.1 I should be able
to see 10.0.9.2
We did have a lightning strike so now I am questioning if I have my setup
correct or some more dead hardware here in the building.
Thanks.
From: Klaus Wunder [mailto:[email protected]]
Sent: Tuesday, August 02, 2011 4:03 AM
To: [email protected]
Subject: AW: [pfSense Support] Linking 2 Building without VPN
Hello,
do you have a Layer 2 connections between the buildings?
If, I think there are two possible options
1. Creating a Transport LAN to connect the buildings
In this case you have to create a new Interface on both sites.
You can create a small subnet 10.0.254.252/30 to interconnect the LAN. In this
way you can use static routing
2. Creating a Transport LAN with failover
I think a other option is to create the transport LAN and use a dynamic routing
protocol to interconnect the LANs on booth site. In this case you can use the
IPsec connection as a backup link.
I think this solution will work with OSPF, you can install on pfSense.
If you have questions just let me know.
Regards
Von: Ron Lemon [mailto:[email protected]]
Gesendet: Dienstag, 2. August 2011 06:24
An: '[email protected]'
Betreff: [pfSense Support] Linking 2 Building without VPN
Hello,
I have 2 building each with multiple networks. They are currently joined via
an IPSec VPN.
Building A is 10.0.0.0/24 and 10.0.1.0/24
And
Building B is 10.0.2.0/24 and 10.0.3.0/24
Right now I have a 10 Mb/s link to the internet in building A and a 100 Mb/s
link in building B so I have an IPSec vpn tying 10.0.0.0 to 10.0.2.0 and
10.0.3.0 and the same for 10.0.1.0
Now I have just been provided a 20 Mb/s dedicated patch cable between the two
buildings (this wire has no services on it but is essential a 30 KM patch
cable).
What is the best way to utilize this new "Patch Cable" to take the place of my
current IPSec VPN links? If need be I can add interfaces to the 2 pfSense
boxes or just make configuration changes.
Thanks.
