Hi list,
I have a problem with a site-to-site PSK VPN with 2 pfSense 2.0.1.
My problem is that from the firewall everything looks correct; I can
ping or ssh the remote client (I use a Linux client with no personal
firewall).
But from the clients I can't reach the remote LAN.
I don't know where
Hi,
do you have special rules in the VPN tunnel?
make sure to open the OpenVPN ruleset as necessary
this is new in 2.x; 1.2.x had no rules in OpenVPN tunnels
but by default the tunnel is normally open any-any
br
stephan
http://www.wolfsec.ch
___
List mailing
Hi,
thanks for your help.
My firewall rules on both pfSense are:
Action: Pass
Interface: OpenVPN
Protocol: Any
Source: Any
Destination: Any
This is my routing from the firewall (without public IP):
pfsense 1 - client:
10.0.8.1 link#10 UH 0 15 ovpnc2
Thanks thanks thanks Jim, it works
Thank you very much. I love pfSense... it is the best software firewall.
Bye.
2012/12/10 Jim Pingle li...@pingle.org
On 12/10/2012 11:31 AM, may...@maykel.sytes.net wrote:
ok, well, then only connect with cisco vpn update to pfsense 2.1?
It has nothing to do
maybe there are FW rules on the LAN interface with similar
IPs/networks?
Some used this under 1.2.x and after upgrading to 2.x this caused issues.
onto routing:
looks good
here is a similar setup of mine / 1 side:
192.168.253.13 link#13 UH 0 0 1500 ovpnc1
Hi!
Try this:
pfsense2 - server:
Tunnel network: 10.0.8.0/30 (no need for /24 on site2site)
pfsense1 - client:
Tunnel network: 10.0.8.0/30 (You can even keep it empty)
Keeping or removing the remote network on the client side shouldn't be
important, the difference being that if you keep it,
Hi,
Thanks for your help.
Even in LAN I have:
My firewall rules on both pfSense are:
Action: Pass
Interface: LAN
Protocol: Any
Source: Any
Destination: Any
If I ping the tunnel from a client it seems OK:
ping 10.0.8.1 -- Ok
ping 10.8.8.2 -- OK
ping 192.168.8.X -- 100% packet loss
Thanks.
Hello,
You might need a firewall rule for the remote network in your LAN rules
to force traffic to follow normal routing.
In my case (2 WANs), I have a rule defining the default gateway for LAN
traffic. To permit the traffic to the remote VPN site, I have to add a rule
earlier for the remote network
Hi,
even with 10.0.8.0/30 I have the same problem.
Any other suggestions?
2012/12/19 Vassilis V. bigracc...@gmx.net:
Hi!
Try this:
pfsense2 - server:
Tunnel network: 10.0.8.0/30 (no need for /24 on site2site)
pfsense1 - client:
Tunnel network: 10.0.8.0/30 (You can even keep it empty)
Sorry, I don't understand;
in my case I have only one WAN, so which type of rule do I need?
Do I need to force the packets to my tunnel network over the VPN even if
my routing tables seem OK?
My routing tables:
10.0.8.1 link#10 UH 08 ovpnc2
10.0.8.2 link#10
to make sure:
- is tunnel up ?
- can you ping from one pfsense the lan ip of the other one ?
brgds
stephan
2012/12/19 Cristian Del Carlo cristian.delca...@gmail.com
Sorry, I don't understand;
in my case I have only one WAN, so which type of rule do I need?
I need to force the packets to my tunnel
My tunnel is up.
From a client I can ping the tunnel interfaces of my VPN but I can't
reach the other network.
# ping 10.0.8.1 - ok
# ping 10.0.8.2 - ok
# ping 192.168.8.10 - 100% packet loss
From both firewalls I can ping all the networks:
# ping 192.168.8.10 - Ok
# ping 10.0.8.1 - ok
# ping
and the clients on each side can reach the internet through their local pfSense?
so GW info etc. is OK?
sometimes it's simply a typo etc. in mask/gw etc.
generally your setup seems to be fine
rgds
stephan
http://www.wolfsec.ch
Ok, then no firewall rules forcing gateway, so let's try something else.
Did you configure iroute?
http://openvpn.net/index.php/open-source/documentation/howto.html#scope
Read: "Including multiple machines on the client side when using a
routed VPN"
It might work :-p
Le Wed, 19 Dec 2012