Re: [pfSense] Openvpn site to site problem

Cristian Del Carlo Wed, 19 Dec 2012 06:51:23 -0800

Sorry i don't understand,

in my case i have only a WAN so wich type of rule i need?


I need to force the packets to my tunnel network over the vpn even if
my routing tables seem ok?

My routing tables:

10.0.8.1           link#10            UH          0        8 ovpnc2
10.0.8.2           link#10            UHS         0        0    lo0
192.168.8.0/24     10.0.8.1           UGS         0       55 ovpnc2
192.168.9.0/24     link#2             U           0 38437351    em1

Thanks,

2012/12/19 bruno.deb...@cyberoso.com <bruno.deb...@cyberoso.com>:
> Hello,
>
> You might need a firewall rule for the remote network in your lan rules
> to force traffic to follow normal routing.
>
> In my case (2 WANs), I have a rule defining the defaut gateway for lan
> traffic. To permit the traffic to remote vpn site, I have to add a rule
> earlier for the remote network with no gateway so it will follow
> normal routing.
>
> My 2 cents...
>
>
> Le Wed, 19 Dec 2012 14:39:36 +0100,
> WolfSec-Support <supp...@wolfsec.ch> a écrit :
>
>> may there are any fw rules there in LAN interface with similar
>> IP's/networks ?
>> some used this under 1.2.x and after upgrading to 2.x this caused
>> issues.
>>
>> onto routing:
>>
>> looks good
>>
>> here a similar setup of mine / 1 side:
>>
>> 192.168.253.13     link#13     UH     0     0     1500     ovpnc1
>> 192.168.253.14     link#13     UHS     0     0     16384     lo0
>> 192.168.0.0/16     192.168.253.13     UGS     0     4151616     1500
>> ovpnc1
>> 192.168.242.0/24     link#1     U     0     1191195015     1500
>> vr0
>>
>>
>> rgds
>> stephan
>>
>>
>>
>> 2012/12/19 Cristian Del Carlo <cristian.delca...@gmail.com>
>>
>> > Hi,
>> >
>> > thanks for your help.
>> >
>> > My firewall rules  are  in both pfsense:
>> > Action: Pass
>> > Interface : Openvpn
>> > Protocol: Any
>> > Source: Any
>> > Destionation: Any
>> >
>> > This are my routing from firewall ( without public ip ):
>> >
>> > pfsense 1 - client:
>> > 10.0.8.1           link#10            UH          0       15 ovpnc2
>> > 10.0.8.2           link#10            UHS         0        0    lo0
>> > 192.168.8.0/24     10.0.8.1           UGS         0       45 ovpnc2
>> > 192.168.9.0/24     link#2             U           0 37598040    em1
>> >
>> > pfsense 2 - server:
>> > 10.0.8.1           link#9             UHS         0        0    lo0
>> > 10.0.8.2           link#9             UH          0       72 ovpns1
>> > 192.168.8.0/24     link#2             U           0   229122    em1
>> > 192.168.8.1        link#2             UHS         0        0    lo0
>> > 192.168.9.0/24     10.0.8.2           UGS         0        1 ovpns1
>> >
>> > Could be a routing problem?
>> >
>> >
>> > 2012/12/19 WolfSec-Support <supp...@wolfsec.ch>:
>> > > Hi,
>> > >
>> > > do you have special rules in VPN tunnel ?
>> > > make sure to open OpenVPN ruleset as necessary
>> > >
>> > > this is "new" in 2.x; 1.2.x. had no rules in OpenVPN tunnels
>> > >
>> > > but per default normally tunnel is open any<>any
>> > >
>> > > br
>> > > stephan
>> > >
>> > >
>> > > _______________________________________________
>> > > List mailing list
>> > > List@lists.pfsense.org
>> > > http://lists.pfsense.org/mailman/listinfo/list
>> > >
>> >
>> >
>> >
>> > --
>> > --------------------------------------------------------
>> >
>> > Cristian Del Carlo
>> >
>> > Il testo e gli eventuali documenti trasmessi contengono informazioni
>> > riservate al destinatario indicato. La seguente e-mail è
>> > confidenziale e la sua riservatezza è tutelata legalmente dal
>> > Decreto Legislativo 196 del 30/06/2003 (Codice di tutela della
>> > privacy). La lettura, copia o altro uso non autorizzato o qualsiasi
>> > altra azione derivante dalla conoscenza di queste informazioni sono
>> > rigorosamente vietate. Qualora abbiate ricevuto questo documento
>> > per errore siete cortesemente pregati di darne immediata
>> > comunicazione al mittente e di provvedere, immediatamente, alla sua
>> > distruzione.
>> >
>> > --------------------------------------------------------
>> > _______________________________________________
>> > List mailing list
>> > List@lists.pfsense.org
>> > http://lists.pfsense.org/mailman/listinfo/list
>> >
>>
>>
>>
> _______________________________________________
> List mailing list
> List@lists.pfsense.org
> http://lists.pfsense.org/mailman/listinfo/list



-- 
--------------------------------------------------------

Cristian Del Carlo

Il testo e gli eventuali documenti trasmessi contengono informazioni
riservate al destinatario indicato. La seguente e-mail è confidenziale e
la sua riservatezza è tutelata legalmente dal Decreto Legislativo 196
del 30/06/2003 (Codice di tutela della privacy). La lettura, copia o
altro uso non autorizzato o qualsiasi altra azione derivante dalla
conoscenza di queste informazioni sono rigorosamente vietate. Qualora
abbiate ricevuto questo documento per errore siete cortesemente pregati
di darne immediata comunicazione al mittente e di provvedere,
immediatamente, alla sua distruzione.

--------------------------------------------------------
_______________________________________________
List mailing list
List@lists.pfsense.org
http://lists.pfsense.org/mailman/listinfo/list

Re: [pfSense] Openvpn site to site problem

Reply via email to