But as Bryan says, I also see the NAT solution in the pfSense docs. However, my confusion still remains the same. Referring to the pfSense doc, why do we need NAT when routing is the way for this? Any technical reason?

On Thu, Feb 27, 2014 at 1:42 AM, Muhammad Yousuf Khan <[email protected]> wrote:

> Thanks Bryan, you are right,
> however I resolved the error without NAT.
> What I did is a very small thing and the issue is resolved.
> I advertise the 1194 routes in 1196 and vice versa
>
> in the OpenVPN server GUI "advanced" configuration section.
> I added these lines.
>
> push "route 10.3.3.0 255.255.255.0";
> push "route [remoteLAN] 255.255.255.0";
>
> However, in dd-wrt I added a manual entry for routing, and now I can connect
> to all the road warriors, and road warriors to my remote site, successfully.
>
> Thanks.
>
> On Thu, Feb 27, 2014 at 1:25 AM, Bryan D. <[email protected]> wrote:
>
>> FWIW, I was having similar problems crossing LANs on a 2-LAN/5-WAN (1
>> real/4 VIPs) setup and ended up solving it using NAT (pfSense v2.1 release).
>>
>> The setup is using "Pure NAT" (in System -> Advanced -> Firewall/NAT)
>> along with Manual Outbound NAT rules and what I had to do was NAT from LAN
>> to LAN -- specifically, in Outbound NAT:
>>   LAN1 LAN2 * * * LAN1 address * NO "NAT LAN2 to LAN1"
>>   LAN2 LAN1 * * * LAN2 address * NO "NAT LAN1 to LAN2"
>> (aliases are defined to abstract both LAN1 and LAN2 and the "LANx
>> address" is the usual "Interface Address" setting)
>>
>> I still don't understand why routing doesn't take care of it and why NAT
>> is required for certain things to work, but this was the only way I could
>> get it to work in my setup. Of course, I'd like to be "educated" if
>> someone has an answer.
>>
>> Bryan D.
>> http://www.derman.com/
>>
>> On 2014-Feb-26, at 11:41 AM, Muhammad Yousuf Khan <[email protected]> wrote:
>>
>> > I am using two instances, one on port 1194 and one on 1196.
>> > 1194 is preshared for dd-wrt, working fine. Tunnel subnet is 10.3.3.0/24.
>> >
>> > 1196 is remote access for road warriors. Tunnel subnet is 10.4.4.0/24.
>> >
>> > I want both my VPN segments to use my head office LAN and also connect
>> > to each other as hub and spoke.
>> >
>> > Both VPNs are properly set up and working fine. I can access the pfSense LAN
>> > segment from the remote site and from the road warrior both. However, when I
>> > try to access 10.3.3.0/24 from 10.4.4.0/24 clients, it does not reach.
>> >
>> > I know you might be saying it is a routing issue. However, further analysis
>> > says something else.
>> >
>> > My dd-wrt can reach 10.4.4.1 (pfSense interface) after I define the static
>> > route in the dd-wrt router,
>> > but my dd-wrt router cannot reach 10.4.4.10 (which is the IP of my road
>> > warrior Windows laptop), and at the same time my laptop can reach 10.4.4.1
>> > and the LAN segment also, but cannot reach 10.3.3.1 (which is a pfSense
>> > interface).
>> >
>> > I set a route for 10.3.3.0/24 with a gateway of 10.4.4.1 on the Windows laptop,
>> > but still I cannot reach 10.3.3.1.
>> >
>> > ...
>>
>> _______________________________________________
>> List mailing list
>> [email protected]
>> http://lists.pfsense.org/mailman/listinfo/list
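
An added illustration, not part of any message in the thread: this Python example models the routed case discussed above, where traffic between the two tunnel subnets needs a tunnel route in both directions, and shows how source NAT at the hub removes the need for the return route. The subnets and the addresses 10.4.4.10 and 10.3.3.1 are from the thread; the dd-wrt tunnel address 10.3.3.2, the "wan" default routes and all function names are assumptions.

```python
import ipaddress

def next_hop(table, dst):
    """Longest-prefix match over {cidr: interface}; None when nothing matches."""
    addr = ipaddress.ip_address(dst)
    hits = [(ipaddress.ip_network(cidr), ifc) for cidr, ifc in table.items()
            if addr in ipaddress.ip_network(cidr)]
    return max(hits, key=lambda h: h[0].prefixlen)[1] if hits else None

def round_trip(src_table, src_ip, dst_table, dst_ip, nat_src=None):
    """True only if the request and the reply both leave via the tunnel.
    nat_src models the hub rewriting the source address before forwarding."""
    forward = next_hop(src_table, dst_ip)
    reply_to = nat_src or src_ip          # where the far end sends its answer
    back = next_hop(dst_table, reply_to)
    return forward == "vpn" and back == "vpn"

# Constructed routing tables (assumed split tunnel: default route stays on WAN).
LAPTOP, DDWRT = "10.4.4.10", "10.3.3.2"   # 10.3.3.2 is an assumed address
laptop = {"0.0.0.0/0": "wan", "10.4.4.0/24": "vpn"}
ddwrt = {"0.0.0.0/0": "wan", "10.3.3.0/24": "vpn"}

def scenarios():
    pushed = {**laptop, "10.3.3.0/24": "vpn"}   # effect of push "route 10.3.3.0 ..."
    static = {**ddwrt, "10.4.4.0/24": "vpn"}    # effect of the manual dd-wrt entry
    return {
        "no extra routes": round_trip(laptop, LAPTOP, ddwrt, DDWRT),
        "laptop route only": round_trip(pushed, LAPTOP, ddwrt, DDWRT),
        "routes both sides": round_trip(pushed, LAPTOP, static, DDWRT),
        "hub NAT, laptop route only": round_trip(
            pushed, LAPTOP, ddwrt, DDWRT, nat_src="10.3.3.1"),
    }

if __name__ == "__main__":
    for name, ok in scenarios().items():
        print(f"{name:28} {'reachable' if ok else 'unreachable'}")
```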
