Author Topic: Static DHCP addresses not visible over IPSEC  (Read 1004 times)

bmarshallbri
Static DHCP addresses not visible over IPSEC
« on: December 07, 2008, 02:14:12 pm »
Hi All,

I have a problem that I'm pretty sure can be resolved with some simple re-configuration, but I seem to be overlooking something. We're running DHCP on one of our LAN interfaces. We have some RHEL4 servers connected to the subnet with their NICs configured statically like this:

DEVICE=eth1
BOOTPROTO=static
HWADDR=00:14:85:04:42:47
IPADDR=10.2.200.41
NETMASK=255.255.255.0
ONBOOT=yes
TYPE=Ethernet

We do this because these machines have some interfaces configured directly to public IPs and have to have all of their NICs statically assigned. If I configure eth1 to use DHCP it messes up the default gateway in the routing table. We need the gateway for eth0 to be the default gateway for the system in order for its services to route properly.

In pfSense I have configured a static DHCP lease in an attempt to get the firewall to be aware of this machine. But that does not seem to do the trick. In the DHCP lease status it always shows the machine to be offline. When plugged in on the local network I can get to these machines. But I think that's because of the switch and ARP requests. So if I create an IPSEC tunnel I can't get to those machines because the DHCP server does not think the machine is there. But I can ping the machine from the pfSense firewall, so I do know I can get to it from the LAN interface.

So I'm a bit stumped at this point. Does anyone have any words of wisdom or configuration suggestions for either the server's interface configuration or the firewall configuration?

Thanks

Brian

bmarshallbri
Re: Static DHCP addresses not visible over IPSEC
« Reply #1 on: December 08, 2008, 11:48:31 am »
I should also add that we do have firewall rules set up for IPSEC. All systems that are connected via their DHCP client show up as online leases, and we can get to them and the LAN interface over IPSEC.

Any ideas?