I know this doesn't answer your question and I'm not trying to, but I'd like to offer my opinion FWIW. I'd attach the LAN leg from your pfSense VPN boxes (machine 2 in each location) to a third leg on the Internet firewall in each location and static route out it. Sending ICMP redirects from the primary gateway telling clients to use a different gateway tends to be somewhat problematic.
--Bill

On 1/23/06, David Strout <[EMAIL PROTECTED]> wrote:
>
> Here is a quick visual of what I have in a couple of locations .......
>
> Let me know if it comes through.
> --
> David L. Strout
> Engineering Systems Plus, LLC
>
>
> ----- Original Message -----
> Subject: Re: [pfSense Support] default gateway on LAN ???
> From: [EMAIL PROTECTED]
> To: support@pfsense.com
> Date: 01-23-2006 4:36 pm
>
>
> David Strout wrote:
> > I have a ? / feature request. If pfS IS NOT the default GW on the LAN
> > then I suppose that the only way to direct all traffic out the
> > "REAL/PRIMARY" GW is to enter a static route for the LAN subnet to an
> > alternate IP address (that of the default GW for the LAN).
>
> I believe you can enter a route with destination 0.0.0.0/0, which is the
> same as your default route. Mind you, that will override your WAN's
> default gateway (or they might fight with each other and really screw
> stuff up, depending on the situation).
>
>
> > I think that this would be a real nice feature addition for those who
> > are adding pfS to their already existing LAN, for say a dedicated test
> > platform, or dedicated VPN concentrator .... or a plethora of other
> > reasons.
>
> in that type of situation, you either need your pfsense WAN interface
> connected to your LAN (hence the default gateway will be correct), or if
> you have public IPs to spare, the LAN interface can be on your LAN, and
> the WAN on the Internet, and you would still not need any static routes
> unless your LAN contains subnets other than the primary LAN subnet.
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]