I have a public IP on em1
I have a private IP on em2 (10.0.1.10/24)
I have a private IP on OPT1 (10.201.17.1/28)
Normally I would have the OPT interface in a DMZ, but constraints aren't
allowing me to do that so the OPT1 interface is also plugged in on the
local LAN as well.
I've assigned a secondary address on a Linux machine on the same subnet
as OPT1 (10.201.17.3/28). The primary address on the Linux machine is
10.0.1.210/24.
I have a VPN set up via the WAN interface to the subnet on the OPT1 interface.
The tunnel comes up perfectly.
The Linux machine can ping the primary interface on the pfSense machine.
The Linux machine can ping a host on the other end of the tunnel reliably.
The Linux machine can ping the OPT1 interface, but it is not reliable.
Huge packet loss numbers.
I can ping the host on the other end of the tunnel via the OPT1 interface.
I've tried all sorts of different rules, but I'm allowing any traffic
and protocol from the OPT1 subnet to the OPT1 interface and vice versa.
I've allowed all traffic from anywhere and to anywhere on the OPT1
interface. I'm at my wits' end. I need two different subnets on my LAN
and I need to tunnel one of them.
How do I make this happen?
Curtis