I have a pfSense gateway that connects to the ISP and gets a public address. It takes care of servers and clients without a problem. To that gateway I connected another pfSense to play around and just test things without breaking what's in PF01's network.
The problem I am stuck with right now is that I cannot access PF02's network from a VPN.
Here's a pretty graphic to show what I mean:
- "Me" (with VPN) and "admin" (locally) can access what happens behind PF01 and PF02.
- (not pictured) admin02, who is also between PF01 and PF02 but on a completely different interface/network, cannot connect to PF02, only PF01.
I want to be able to access PF02 from "admin02" without going through PF01 (it doesn't work anyway).
My config:
OpenVPN is configured to give address x.x.x.x/x and give access to the LAN interface of PF02. I configure my OpenVPN client to access it through the DDNS. It is configured to go through the public address and it works; I can access "other webserver" from "Me" with that domain name.
In PF01, I forward any to wan-of-PF02:1194. In PF02, I have a rule to pass any to the WAN:1194, and another one on the LAN for any/any.
The system logs of OpenVPN (and a packet capture) do note that someone tried to connect, but it always fails on the handshake.
I've tried finding a solution but it always ends up with "do not do double NAT", which is not what I want to do!
I did test site-to-site between PF01 and PF02 (it's working, joined domain and all) but now I really want to remotely connect to the 2nd firewall directly.
EDIT: I noticed I forgot something in my little drawing there; it's Canada Day Sunday so I'll be back Tuesday to edit it. I rewrote the
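An added example, not part of the original post: when an OpenVPN client behind two NAT hops gets as far as "someone tried to connect" but the handshake never completes, the useful check is whether the UDP 1194 packets and the server's replies are both visible at each hop. On each pfSense box you can capture with `tcpdump -nni <interface> udp port 1194` and feed the text to this script, which parses the `tcpdump -nn` lines and reports, per capture point, how many packets went to the VPN port and how many came back from it, then names the first hop (checked from the server outward) where requests arrive but no reply is seen. The addresses (RFC 5737 documentation ranges), the three capture texts and the hop names are constructed for the example; the scenario assumes PF01's port forward leaves the client's source address untouched, which is the pfSense port-forward default.

```python
import re

# One tcpdump -nn line looks like:
# "12:00:01.000100 IP 203.0.113.10.51000 > 198.51.100.5.1194: UDP, length 54"
LINE_RE = re.compile(
    r"^\S+\s+IP\s+(?P<src>\d+\.\d+\.\d+\.\d+)\.(?P<sport>\d+)\s+>\s+"
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)\.(?P<dport>\d+):\s+(?P<proto>UDP|TCP)"
)

VPN_PORT = 1194  # OpenVPN port used in the post


def parse_capture(text):
    """Turn tcpdump -nn text into (src, sport, dst, dport, proto) tuples.
    Lines that do not match (blank lines, tcpdump banner) are skipped."""
    flows = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            flows.append((m["src"], int(m["sport"]),
                          m["dst"], int(m["dport"]), m["proto"]))
    return flows


def check_hop(flows, port=VPN_PORT):
    """Count UDP packets addressed to the VPN port (requests) and
    UDP packets sourced from it (replies) at one capture point."""
    requests = sum(1 for f in flows if f[3] == port and f[4] == "UDP")
    replies = sum(1 for f in flows if f[1] == port and f[4] == "UDP")
    return requests, replies


def trace_path(captures, port=VPN_PORT):
    """captures: ordered list of (hop_name, capture_text), server side first.
    Returns (report, first_break): per-hop counts, and the name of the first
    hop where requests were seen but no reply came back, or None if every
    hop shows traffic in both directions."""
    report = {}
    first_break = None
    for name, text in captures:
        req, rep = check_hop(parse_capture(text), port)
        report[name] = {"requests": req, "replies": rep}
        if first_break is None and req > 0 and rep == 0:
            first_break = name
    return report, first_break


# Constructed sample captures (hypothetical addresses, not from the post):
# client "Me" = 203.0.113.10, PF01 public WAN = 198.51.100.5,
# PF02 WAN = 192.168.1.2 on PF01's inner network.
PF02_WAN_CAP = """
12:00:01.000300 IP 203.0.113.10.51000 > 192.168.1.2.1194: UDP, length 54
12:00:01.000400 IP 192.168.1.2.1194 > 203.0.113.10.51000: UDP, length 66
12:00:03.000300 IP 203.0.113.10.51000 > 192.168.1.2.1194: UDP, length 54
12:00:03.000400 IP 192.168.1.2.1194 > 203.0.113.10.51000: UDP, length 66
"""
PF01_INNER_CAP = """
12:00:01.000200 IP 203.0.113.10.51000 > 192.168.1.2.1194: UDP, length 54
12:00:01.000500 IP 192.168.1.2.1194 > 203.0.113.10.51000: UDP, length 66
12:00:03.000200 IP 203.0.113.10.51000 > 192.168.1.2.1194: UDP, length 54
12:00:03.000500 IP 192.168.1.2.1194 > 203.0.113.10.51000: UDP, length 66
"""
# In this constructed scenario PF01 receives the reply on its inner interface
# but nothing leaves its WAN, so the client never sees the server's answer.
PF01_WAN_CAP = """
12:00:01.000100 IP 203.0.113.10.51000 > 198.51.100.5.1194: UDP, length 54
12:00:03.000100 IP 203.0.113.10.51000 > 198.51.100.5.1194: UDP, length 54
"""

SAMPLE_CAPTURES = [
    ("PF02 WAN", PF02_WAN_CAP),
    ("PF01 inner", PF01_INNER_CAP),
    ("PF01 WAN", PF01_WAN_CAP),
]

if __name__ == "__main__":
    report, broken = trace_path(SAMPLE_CAPTURES)
    for hop, counts in report.items():
        print(f"{hop:11s} requests={counts['requests']} replies={counts['replies']}")
    print("reply path breaks at:", broken)
```

Reading the output from the server outward tells you which box to look at: if PF02 WAN shows requests but no replies, PF02 is dropping or answering out another interface; if the replies reach PF01's inner interface but never appear on PF01's WAN, the problem is in PF01's translation of the return traffic.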