Messages - AndrewBucklin

Routing and Multi WAN / Re: Force ALL traffic over VPN Gateway
« on: February 09, 2018, 03:52:40 pm »
That's what I was afraid of. I guess I was just hoping there would be some way to "trick" it, like with a virtual IP, or something.  :-\

In that case, let me share one of the reasons for trying to do this: Currently, there are dozens of NAT rules and associated Firewall rules on the 'WAN' interface to allow the general public access to web-facing servers and applications. Users on this VLAN should also have access to the same web-facing servers and applications, but not other servers on the production VLAN (such as database servers, backup servers, etc.). Any way to accomplish this without manually duplicating each rule from the 'WAN' interface to the 'VLAN' interface's firewall rule tab?


Routing and Multi WAN / Force ALL traffic over VPN Gateway
« on: February 08, 2018, 11:34:05 pm »
Been working on this for a few hours now and hoping someone can help me out.

I have two gateways:  The WAN connection ( and an OpenVPN client connection to an OpenVPN server at a remote location.

Using firewall rules and Outbound NAT, I have been able to successfully route all traffic from a specific VLAN over the OpenVPN connection. Verified this by going to from a client on that VLAN and the public IP displayed was that of the remote site.

PROBLEM:  When the client on the VLAN tries to access the WAN IP (, they bypass the OpenVPN tunnel. Is this due to NAT reflection? NAT reflection is not desired for traffic from this VLAN.  Of course this means that traffic destined for servers on the will first need to traverse the OpenVPN connection, exit to the internet at the remote site, and then traverse the internet back to the pfSense box, but that is what is desired for this VLAN for various reasons.

Any thoughts?  Thanks in advance.  8)

DHCP and DNS / Re: Cloudflare dynamic dns not working
« on: November 14, 2017, 12:21:59 am »
Why is the TTL field hidden for CloudFlare Dynamic DNS provider?
The CloudFlare v4 api documentation shows the TTL value is supported:

IPsec / Re: Routing internet traffic through a site-to-site IPsec tunnel
« on: October 12, 2017, 08:18:58 pm »
You did?!?!?  Do you mind sharing redacted screenshots?

IPsec / Re: Routing internet traffic through a site-to-site IPsec tunnel
« on: October 12, 2017, 09:47:44 am »
No, I never got it working with IPsec. I ended up going with OpenVPN instead.  :-\

IPsec / Routing internet traffic through a site-to-site IPsec tunnel
« on: January 12, 2017, 04:24:26 pm »
I've got the site-to-site IPsec between two pfSense boxes working fine, and I can even ping Site B's pfSense IP ( from a computer at Site A ( with no problems, but I can't get internet traffic to pass through the tunnel.  Here are some screenshots (I'm trying to get Site A's GUESTLAN to use Site B's internet connection):

Site A:

Site B:

For troubleshooting purposes, I have the same IPv4 * * * * * rule in the IPsec tab of the firewall at both sites. I'm thinking it has something to do with Outbound NAT at Site B, but no matter what I try, nothing works. Been trying to figure this out all day; thanks for your help!