If you are having trouble resolving a domain name with an A record as an intranet address when using pfSense, add the following field to the Custom options of your DNS Resolver settings.
server:
private-domain: "example.com"
标签: pfSense
Routing local traffic to a remote outbound with pfSense Firewall and OpenVPN
The purpose of this article is to realize the local machine X can communicate over local router A running pfSense through the WAN gateway of the remote router B also with pfSense.
The lab environment
Local machine X:
[IP_ADDR]=192.168.0.254 [Mask]=255.255.255.0 [GW]=192.168.0.1
Local router A:
[IP_ADDR]=192.168.0.1 [Mask]=255.255.255.0 [GW]=Router_A_WAN_ADDR
Remote router B:
[IP_ADDR]=192.168.11.1 [Mask]=255.255.255.0 [GW]=Router_B_WAN_ADDR
OpenVPN client on router A:
[Mode]=TUN [Interface]=OVPN_A [IPv4 Tunnel Network]=192.168.30.49/30
OpenVPN server on router B:
[Mode]=TUN [Interface]=OVPN_B [IPv4 Tunnel Network]=192.168.30.50/30
1. Establish an OpenVPN TUN tunnel between router A and B anyway. This is not the focus of this article.
2. Set a allow all rule for OVPN_B on router B
[Area]=OVPN_B
[Action]=Pass
[Interface]=OVPN_B
[Protocol]=Any
[Src]=any
[Dst]=any
3. Set an Outbound NAT on the firewall of router B
[Interface]=WAN
[Protocol]=Any
[Src]=192.168.0.0/24 (or any area you want)
[Dst]=any
[Translation addr]=Interface Address
4. Set a rule for routing traffic to OVPN_A on the LAN firewall table of router A
# Route all traffic of local machine X
[Area]=LAN
[Action]=Pass
[Interface]=LAN
[Protocol]=Any
[Src]=192.168.0.254
[Dst]=any
[Gateway]=OVPN_A
# Route specific destnation IP traffic
[Area]=LAN
[Action]=Pass
[Interface]=LAN
[Protocol]=Any
[Src]=any
[Dst]=192.168.11.1 (example)
[Gateway]=OVPN_A
Result: (Tested on local machine X)
> tracert 192.168.11.1
Tracing route to 192.168.11.1 over a maximum of 30 hops
1 20 ms 20 ms 20 ms 192.168.30.49
2 30 ms 30 ms 30 ms 192.168.11.1
Trace complete.