Topics - AndrewBucklin

Routing and Multi WAN / Force ALL traffic over VPN Gateway
« on: February 08, 2018, 11:34:05 pm »
Been working on this for a few hours now and hoping someone can help me out.

I have two gateways:  The WAN connection ( and an OpenVPN client connection to an OpenVPN server at a remote location.

Using firewall rules and Outbound NAT, I have been able to successfully route all traffic from a specific VLAN over the OpenVPN connection. Verified this by going to from a client on that VLAN and the public IP displayed was that of the remote site.

PROBLEM:  When the client on the VLAN tries to access the WAN IP (, they bypass the OpenVPN tunnel. Is this due to NAT reflection? NAT reflection is not desired for traffic from this VLAN.  Of course this means that traffic destined for servers on the will first need to traverse the OpenVPN connection, exit to the internet at the remote site, and then traverse the internet back to the pfSense box, but that is what is desired for this VLAN for various reasons.

Any thoughts?  Thanks in advance.  8)

IPsec / Routing internet traffic through a site-to-site IPsec tunnel
« on: January 12, 2017, 04:24:26 pm »
I've got the site-to-site IPsec between two pfSense boxes working fine, and I can even ping Site B's pfSense IP ( from a computer at Site A ( with no problems, but I can't get internet traffic to pass through the tunnel.  Here are some screenshots (I'm trying to get Site A's GUESTLAN to use Site B's internet connection):

Site A:

Site B:

For troubleshooting purposes, I have the same IPv4 * * * * * rule in the IPsec tab of the firewall at both sites. I'm thinking it has something to do with Outbound NAT at Site B, but no matter what I try, nothing works. Been trying to figure this out all day; thanks for your help!