Testing VPN router inside my Tomato controlled network

Discussion in 'Tomato Firmware' started by WhiteWidow, Jun 9, 2014.

  1. WhiteWidow

    WhiteWidow Network Newbie Member

    So I've been tasked to test a Netgate router running pfSense for my company. Our company has several remote locations that are not functioning correctly on their VPN. So I was given a spare pfSense router for testing purposes at my home location.

    The issue is I have a network setup in place that I do not want to tamper with, which is controlled by a router running Tomato. What I'd like to do, but I'm not sure if this is possible, is to be able to connect to my work's VPN while having the pfSense router inside my network.

    My home setup is a Comcast Motorola modem to the Tomato router. The router is connected to a 1Gb switch downstairs and a server in my office. My home network is on the 192.168.0 subnet and the pfSense router is handing out 10.0.2.xx on the LAN port. I want to be able to hook the pfSense router WAN port to the 1Gb switch, which does work, but it pulls an IP from the DHCP pool on my network (192.168.0.x). I think this is stopping me from connecting to the work VPN, as if I connect the pfSense router WAN port to the Comcast modem I can connect. Is there a way for the Tomato router to have the pfSense router directly pass packets to the Comcast router? I'm not sure how to word this, or what that would be called... maybe something to do with NATing? Sorry, I'm kinda green to this as I'm more of a systems admin for Windows servers/workstations. Thanks for any help.
  2. BikeHelmet

    BikeHelmet Addicted to LI Member

    Not sure, as I'm not too familiar with pfSense and fancy subnet setups.

    I just wanted to mention that I've got my modem plugged into a LAN port on my router rather than the WAN port, and then the WAN port plugs into another router LAN port. (Loopback!) It lets me access the modem at the same time as my router. Some such trickery might be helpful for accessing both of those things simultaneously? If you wire router WAN to router LAN and pfSense WAN/LAN to router LAN and then router LAN to modem, you've basically got a switch between your cable modem and two routers? (one Tomato, one pfSense)

    If you want the pfSense router downstairs and plugged into the gigabit switch, do the same thing, except make sure the switch is plugged into router LAN along with router WAN and the cable modem.

    Experiment, and if it doesn't help in any way, return for some better advice. ;)
  3. Grimson

    Grimson Networkin' Nut Member

    All you need to do is forward the ports the VPN connection uses from your Tomato router to the VPN router. If you don't know the ports, you can put the VPN router into the DMZ.

    Your wiring can cause problems. You'd better put your modem into a different subnet and enter its IP under Basic -> Network; there in the WAN section you'll find "Route Modem IP".
  4. BikeHelmet

    BikeHelmet Addicted to LI Member

    Doesn't work. I tried to use that feature, but it's never worked properly.

    What sort of pitfalls are there to doing it the way I have? So far I haven't encountered any issues.
  5. EOC_Jason

    EOC_Jason Networkin' Nut Member

    As long as your modem is a different IP than your router, you should be able to access it via plugging it in the WAN port... I.E. my modem is, but my router is New versions of Toastman even have a spot to manually enter your modem's IP if you are having connection issues, but I never have from the half a dozen routers I've setup...

    Now, back on topic with your VPN issue...

    You should be able to just put your pfSense router behind your other router, and let it grab a LAN IP from your network as its WAN IP. Then temporarily hook your computer up to the LAN port of the pfSense router, and away you go... Your home network would basically be transparent to the whole process...

    If you want to integrate your home network with the pfSense router, then you would need to take a few different steps. Temporarily connect your PC to the pfSense router, disable DHCP (and probably the WAN port if possible). Manually configure the IP & Default Gateway of the pfSense router to have an IP on your home network. Now you can connect the pfSense router to your network via one of its LAN ports, so basically it is just another device sitting on your network. You can also hook your PC back up to its original port.

    Configure the pfSense VPN and see if you can get it to connect. If so, then you've probably completed the hard part. Now if you want your LAN devices to be able to use the VPN, go to your Tomato router, and go to your Routing tab. Add a static route to your office subnet that uses the pfSense IP as the gateway. Easy as pie...
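
Added example, not part of the post above and not Tomato or pfSense code: a Python sanity check for the static route described in the last post, run before typing the entry into the router. The home LAN 192.168.0.0/24 comes from the thread; the pfSense address 192.168.0.2, the address 10.0.2.1 and the office subnet 172.16.50.0/24 are constructed placeholders.

```python
import ipaddress


def plan_static_route(home_lan, pfsense_ip, office_subnet):
    """Check the route plan; return (destination, netmask, gateway) for the
    static route entry, or raise ValueError listing what is wrong."""
    lan = ipaddress.ip_network(home_lan)
    gateway = ipaddress.ip_address(pfsense_ip)
    office = ipaddress.ip_network(office_subnet)
    problems = []

    # The gateway must be a usable host address on the Tomato LAN, otherwise
    # the Tomato router has no directly connected path to the pfSense box.
    if gateway not in lan:
        problems.append(f"gateway {gateway} is not inside home LAN {lan}")
    elif gateway in (lan.network_address, lan.broadcast_address):
        problems.append(f"gateway {gateway} is not a usable host address")

    # If the office subnet overlaps the home LAN, home devices treat office
    # addresses as local and never send that traffic to the gateway.
    if office.overlaps(lan):
        problems.append(f"office subnet {office} overlaps home LAN {lan}")

    if problems:
        raise ValueError("; ".join(problems))
    return str(office.network_address), str(office.netmask), str(gateway)


if __name__ == "__main__":
    HOME_LAN = "192.168.0.0/24"        # from the thread
    PFSENSE_IP = "192.168.0.2"         # assumption: static IP given to pfSense
    OFFICE_SUBNET = "172.16.50.0/24"   # constructed placeholder

    print(plan_static_route(HOME_LAN, PFSENSE_IP, OFFICE_SUBNET))
    try:
        # Constructed bad input: an address on the pfSense LAN side (10.0.2.x)
        # is not reachable from the Tomato LAN, so it cannot be the gateway.
        plan_static_route(HOME_LAN, "10.0.2.1", OFFICE_SUBNET)
    except ValueError as err:
        print("rejected:", err)
```
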