Thanks Bryan, you are right; however, I resolved the error without NAT. What I did is a very small thing and the issue was resolved: I advertised the 1194 routes in 1196 and vice versa.

In the OpenVPN server GUI "Advanced" configuration section, I added these lines:

    push "route 10.3.3.0 255.255.255.0"; push "route [remoteLAN] 255.255.255.0";

However, in dd-wrt I added a manual entry for routing, and now I can connect to all the road warriors, and the road warriors to my remote site, successfully.

Thanks.

On Thu, Feb 27, 2014 at 1:25 AM, Bryan D. <[email protected]> wrote:

> FWIW, I was having similar problems crossing LANs on a 2-LAN/5-WAN (1
> real/4 VIPs) setup and ended up solving it using NAT (pfSense v2.1 release).
>
> The setup is using "Pure NAT" (in System -> Advanced -> Firewall/NAT)
> along with Manual Outbound NAT rules and what I had to do was NAT from LAN
> to LAN -- specifically, in Outbound NAT:
>   LAN1  LAN2  *  *  *  LAN1 address  *  NO  "NAT LAN2 to LAN1"
>   LAN2  LAN1  *  *  *  LAN2 address  *  NO  "NAT LAN1 to LAN2"
> (aliases are defined to abstract both LAN1 and LAN2 and the "LANx address"
> is the usual "Interface Address" setting)
>
> I still don't understand why routing doesn't take care of it and why NAT
> is required for certain things to work, but this was the only way I could
> get it to work in my setup. Of course, I'd like to be "educated" if
> someone has an answer.
>
> Bryan D.
> http://www.derman.com/
>
>
> On 2014-Feb-26, at 11:41 AM, Muhammad Yousuf Khan <[email protected]>
> wrote:
>
> > I am using two instances, one on port 1194 and one on 1196.
> > 1194 is preshared for dd-wrt, working fine. Tunnel subnet is 10.3.3.0/24.
> >
> > 1196 is remote access for road warriors. Tunnel subnet is 10.4.4.0/24.
> >
> > I want both my VPN segments to use my head office LAN and also connect
> > to each other as hub and spoke.
> >
> >
> > Both VPNs are properly set up and working fine. I can access the pfSense
> > LAN segment from the remote site and from the road warrior both. However,
> > when I try to access 10.3.3.0/24 from 10.4.4.0/24 clients, it does not reach.
> >
> > I know you might be saying it is a routing issue. However, further
> > analysis says something else.
> >
> > My dd-wrt can reach 10.4.4.1 (pfSense interface) after I define the
> > static route in the dd-wrt router.
> > But my dd-wrt router cannot reach 10.4.4.10 (which is an IP of my road
> > warrior Windows laptop), and at the same time my laptop can reach
> > 10.4.4.1 and the LAN segment also, but cannot reach 10.3.3.1 (which is
> > the pfSense interface).
> >
> >
> > I set a route for 10.3.3.0/24 with gateway of 10.4.4.1 in the Windows
> > laptop, but still I cannot reach 10.3.3.1.
> >
> > ...
> >
> > _______________________________________________
> List mailing list
> [email protected]
> http://lists.pfsense.org/mailman/listinfo/list
>
