Hi Everyone,
I'm trying to figure out how to best configure a setup where we have pfSense behind a Mikrotik RB3011. The setup is as follows:
Mikrotik
Port 1 - Internet/WAN
Port 6 - LAN 192.168.10.254/24
Port 7 - pfSense WAN. The Mikrotik is set to provide a static DHCP address to pfSense of 10.0.88.8. The gateway and DNS are the Mikrotik, 10.0.88.254.
pfSense was introduced so we could utilise Content Filtering and Suricata. Suricata has not been implemented yet.
The issue is we have a remote site where there is an L2TP VPN connection to the Mikrotik. The remote subnet is 192.168.15.0/24. Within the Mikrotik there are the necessary static routes that worked flawlessly before we introduced pfSense.
On pfSense at the main office, I created a static route to the Mikrotik 192.168.10.254 so it knew where to find the 192.168.15.0/24 addresses at the remote site. I can ping the remote IPs from pfSense without issue and there are no dropped packets. I even ran WinMTR (for hours) to check whether it was dropping packets and nothing, everything was working as expected.
The remote site connects to an RDP server located at the main site through the VPN. The problem is that RDP sessions keep dropping out randomly every 5 minutes or so. If I remove pfSense from the equation, everything works flawlessly again. I can't find anything in the logs to indicate that there's an issue.
So my question is, is there something else I need to do to make this work? Or alternatively, does someone have a suggestion for how this can be done better?
Thanks
Duke