Sorry i don't understand, in my case i have only a WAN so wich type of rule i need?
I need to force the packets to my tunnel network over the vpn even if my routing tables seem ok? My routing tables: 10.0.8.1 link#10 UH 0 8 ovpnc2 10.0.8.2 link#10 UHS 0 0 lo0 192.168.8.0/24 10.0.8.1 UGS 0 55 ovpnc2 192.168.9.0/24 link#2 U 0 38437351 em1 Thanks, 2012/12/19 bruno.deb...@cyberoso.com <bruno.deb...@cyberoso.com>: > Hello, > > You might need a firewall rule for the remote network in your lan rules > to force traffic to follow normal routing. > > In my case (2 WANs), I have a rule defining the defaut gateway for lan > traffic. To permit the traffic to remote vpn site, I have to add a rule > earlier for the remote network with no gateway so it will follow > normal routing. > > My 2 cents... > > > Le Wed, 19 Dec 2012 14:39:36 +0100, > WolfSec-Support <supp...@wolfsec.ch> a écrit : > >> may there are any fw rules there in LAN interface with similar >> IP's/networks ? >> some used this under 1.2.x and after upgrading to 2.x this caused >> issues. >> >> onto routing: >> >> looks good >> >> here a similar setup of mine / 1 side: >> >> 192.168.253.13 link#13 UH 0 0 1500 ovpnc1 >> 192.168.253.14 link#13 UHS 0 0 16384 lo0 >> 192.168.0.0/16 192.168.253.13 UGS 0 4151616 1500 >> ovpnc1 >> 192.168.242.0/24 link#1 U 0 1191195015 1500 >> vr0 >> >> >> rgds >> stephan >> >> >> >> 2012/12/19 Cristian Del Carlo <cristian.delca...@gmail.com> >> >> > Hi, >> > >> > thanks for your help. >> > >> > My firewall rules are in both pfsense: >> > Action: Pass >> > Interface : Openvpn >> > Protocol: Any >> > Source: Any >> > Destionation: Any >> > >> > This are my routing from firewall ( without public ip ): >> > >> > pfsense 1 - client: >> > 10.0.8.1 link#10 UH 0 15 ovpnc2 >> > 10.0.8.2 link#10 UHS 0 0 lo0 >> > 192.168.8.0/24 10.0.8.1 UGS 0 45 ovpnc2 >> > 192.168.9.0/24 link#2 U 0 37598040 em1 >> > >> > pfsense 2 - server: >> > 10.0.8.1 link#9 UHS 0 0 lo0 >> > 10.0.8.2 link#9 UH 0 72 ovpns1 >> > 192.168.8.0/24 link#2 U 0 229122 em1 >> > 192.168.8.1 link#2 UHS 0 0 lo0 >> > 192.168.9.0/24 10.0.8.2 UGS 0 1 ovpns1 >> > >> > Could be a routing problem? >> > >> > >> > 2012/12/19 WolfSec-Support <supp...@wolfsec.ch>: >> > > Hi, >> > > >> > > do you have special rules in VPN tunnel ? >> > > make sure to open OpenVPN ruleset as necessary >> > > >> > > this is "new" in 2.x; 1.2.x. had no rules in OpenVPN tunnels >> > > >> > > but per default normally tunnel is open any<>any >> > > >> > > br >> > > stephan >> > > >> > > >> > > _______________________________________________ >> > > List mailing list >> > > List@lists.pfsense.org >> > > http://lists.pfsense.org/mailman/listinfo/list >> > > >> > >> > >> > >> > -- >> > -------------------------------------------------------- >> > >> > Cristian Del Carlo >> > >> > Il testo e gli eventuali documenti trasmessi contengono informazioni >> > riservate al destinatario indicato. La seguente e-mail è >> > confidenziale e la sua riservatezza è tutelata legalmente dal >> > Decreto Legislativo 196 del 30/06/2003 (Codice di tutela della >> > privacy). La lettura, copia o altro uso non autorizzato o qualsiasi >> > altra azione derivante dalla conoscenza di queste informazioni sono >> > rigorosamente vietate. Qualora abbiate ricevuto questo documento >> > per errore siete cortesemente pregati di darne immediata >> > comunicazione al mittente e di provvedere, immediatamente, alla sua >> > distruzione. >> > >> > -------------------------------------------------------- >> > _______________________________________________ >> > List mailing list >> > List@lists.pfsense.org >> > http://lists.pfsense.org/mailman/listinfo/list >> > >> >> >> > _______________________________________________ > List mailing list > List@lists.pfsense.org > http://lists.pfsense.org/mailman/listinfo/list -- -------------------------------------------------------- Cristian Del Carlo Il testo e gli eventuali documenti trasmessi contengono informazioni riservate al destinatario indicato. La seguente e-mail è confidenziale e la sua riservatezza è tutelata legalmente dal Decreto Legislativo 196 del 30/06/2003 (Codice di tutela della privacy). La lettura, copia o altro uso non autorizzato o qualsiasi altra azione derivante dalla conoscenza di queste informazioni sono rigorosamente vietate. Qualora abbiate ricevuto questo documento per errore siete cortesemente pregati di darne immediata comunicazione al mittente e di provvedere, immediatamente, alla sua distruzione. -------------------------------------------------------- _______________________________________________ List mailing list List@lists.pfsense.org http://lists.pfsense.org/mailman/listinfo/list