Ok, then no firewall rules forcing gateway, so let's try something else. Did you configure iroute ? http://openvpn.net/index.php/open-source/documentation/howto.html#scope Read : Including multiple machines on the client side when using a routed VPN
It might work :-p Le Wed, 19 Dec 2012 15:19:25 +0100, Cristian Del Carlo <[email protected]> a écrit : > Hi, > > Thanks for your help. > > Even in LAN i have : > My firewall rules are in both pfsense: > Action: Pass > Interface : LAN > Protocol: Any > Source: Any > Destionation: Any > > If i ping the tunnel from a client seem ok: > > ping 10.0.8.1 --> Ok > ping 10.8.8.2 --> OK > ping 192.168.8.X --> 100% packet loss > > Thanks. > > 2012/12/19 WolfSec-Support <[email protected]>: > > may there are any fw rules there in LAN interface with similar > > IP's/networks ? > > some used this under 1.2.x and after upgrading to 2.x this caused > > issues. > > > > onto routing: > > > > looks good > > > > here a similar setup of mine / 1 side: > > > > 192.168.253.13 link#13 UH 0 0 1500 ovpnc1 > > 192.168.253.14 link#13 UHS 0 0 16384 lo0 > > 192.168.0.0/16 192.168.253.13 UGS 0 4151616 1500 > > ovpnc1 > > 192.168.242.0/24 link#1 U 0 1191195015 1500 > > vr0 > > > > rgds > > stephan > > > > > > > > > > 2012/12/19 Cristian Del Carlo <[email protected]> > >> > >> Hi, > >> > >> thanks for your help. > >> > >> My firewall rules are in both pfsense: > >> Action: Pass > >> Interface : Openvpn > >> Protocol: Any > >> Source: Any > >> Destionation: Any > >> > >> This are my routing from firewall ( without public ip ): > >> > >> pfsense 1 - client: > >> 10.0.8.1 link#10 UH 0 15 ovpnc2 > >> 10.0.8.2 link#10 UHS 0 0 lo0 > >> 192.168.8.0/24 10.0.8.1 UGS 0 45 ovpnc2 > >> 192.168.9.0/24 link#2 U 0 37598040 em1 > >> > >> pfsense 2 - server: > >> 10.0.8.1 link#9 UHS 0 0 lo0 > >> 10.0.8.2 link#9 UH 0 72 ovpns1 > >> 192.168.8.0/24 link#2 U 0 229122 em1 > >> 192.168.8.1 link#2 UHS 0 0 lo0 > >> 192.168.9.0/24 10.0.8.2 UGS 0 1 ovpns1 > >> > >> Could be a routing problem? > >> > >> > >> 2012/12/19 WolfSec-Support <[email protected]>: > >> > Hi, > >> > > >> > do you have special rules in VPN tunnel ? > >> > make sure to open OpenVPN ruleset as necessary > >> > > >> > this is "new" in 2.x; 1.2.x. had no rules in OpenVPN tunnels > >> > > >> > but per default normally tunnel is open any<>any > >> > > >> > br > >> > stephan > >> > > >> > > >> > _______________________________________________ > >> > List mailing list > >> > [email protected] > >> > http://lists.pfsense.org/mailman/listinfo/list > >> > > >> > >> > >> > >> -- > >> -------------------------------------------------------- > >> > >> Cristian Del Carlo > >> > >> Il testo e gli eventuali documenti trasmessi contengono > >> informazioni riservate al destinatario indicato. La seguente > >> e-mail è confidenziale e la sua riservatezza è tutelata legalmente > >> dal Decreto Legislativo 196 del 30/06/2003 (Codice di tutela della > >> privacy). La lettura, copia o altro uso non autorizzato o > >> qualsiasi altra azione derivante dalla conoscenza di queste > >> informazioni sono rigorosamente vietate. Qualora abbiate ricevuto > >> questo documento per errore siete cortesemente pregati di darne > >> immediata comunicazione al mittente e di provvedere, > >> immediatamente, alla sua distruzione. > >> > >> -------------------------------------------------------- > >> _______________________________________________ > >> List mailing list > >> [email protected] > >> http://lists.pfsense.org/mailman/listinfo/list > > > > > > > > > > -- > > > > Stephan Wolf > > > > WolfSec > > Rairing 65 > > CH-8108 Dällikon > > > > +41 43 536 1191 > > +41 76 566 8222 > > http://www.wolfsec.ch > > _______________________________________________ > > List mailing list > > [email protected] > > http://lists.pfsense.org/mailman/listinfo/list > > > > > _______________________________________________ List mailing list [email protected] http://lists.pfsense.org/mailman/listinfo/list
