Re: [pfSense] Openvpn site to site problem

2012-12-21 Thread Matthias May
On 21.12.2012 05:27, Nishant Sharma wrote: On Thu, Dec 20, 2012 at 6:58 PM, Cristian Del Carlo cristian.delca...@gmail.com wrote: In LAN and OpenVPN I have only one rule that passes everything. This problem makes me crazy. Have you configured the server for pushing the routes to client and

Re: [pfSense] Openvpn site to site problem

2012-12-21 Thread Adam Stasiak
I had a similar problem where pfSense wouldn't route packets to remote LAN over tunnel (it was due to a gateway issue and it wasn't using the default routes). I think someone mentioned a similar issue. Maybe it would be worth trying adding an additional gateway (10.100.8.1 or .2 depending on which

Re: [pfSense] Openvpn site to site problem

2012-12-21 Thread WolfSec-Support
single /24 to single 24 site2site needs no push of routes, only if multiple subnets are on end of tunnel and not described in VPN info/routing. I would simplify this issue to a simple site2site VPN. Additional: - is it a plain v2 install, or an upgraded v1.2.x to v2? I had some issues with upgrades

Re: [pfSense] Openvpn site to site problem

2012-12-20 Thread Cristian Del Carlo
Hi, I tried this configuration but I have the same problem. I am very confused. This is my network: lan1 192.168.9.0 --- pfsense1 (client openvpn) -- pfsense2 (server openvpn) -- lan 2 192.168.8.0 These are now, with certificates, my configuration files: Pfsense server: /var/etc/openvpn/server1.conf

Re: [pfSense] Openvpn site to site problem

2012-12-20 Thread Cristian Del Carlo
Another piece of information. If from a client in the LAN I do: # ping 192.168.8.10 (a client in the other network) And in pfsense (client openvpn): tcpdump -i ovpnc2 tcpdump: verbose output suppressed, use -v or -vv for full protocol decode listening on ovpnc2, link-type NULL (BSD loopback), capture size

Re: [pfSense] Openvpn site to site problem

2012-12-20 Thread Cristian Del Carlo
100% sure, the 2 boxes are the gateways of the two LANs. If from a client in the LAN I do: # ping 192.168.8.10 (a client in the other network) I see the packets in the LAN interface of the pfsense but the packets are not routed in the VPN tunnel. If I do: tcpdump -i em1 (lan of pfsense) I see

Re: [pfSense] Openvpn site to site problem

2012-12-20 Thread Nishant Sharma
On Thu, Dec 20, 2012 at 6:58 PM, Cristian Del Carlo cristian.delca...@gmail.com wrote: In LAN and OpenVPN I have only one rule that passes everything. This problem makes me crazy. Have you configured the server for pushing the routes to client and added iroute parameters? -Nishant

Re: [pfSense] Openvpn site to site problem

2012-12-20 Thread Joseph L. Casale
lan1 192.168.9.0 --- pfsense1 (client openvpn) -- pfsense2 (server openvpn) -- lan 2 192.168.8.0 /var/etc/openvpn/server1.conf route 192.168.9.0 255.255.255.0 push route 192.168.8.0 255.255.255.0 This looks right. /var/etc/openvpn-csc/fw-target iroute 192.168.9.0 255.255.255.0

Re: [pfSense] Openvpn site to site problem

2012-12-19 Thread WolfSec-Support
Hi, do you have special rules in VPN tunnel? Make sure to open OpenVPN ruleset as necessary. This is new in 2.x; 1.2.x had no rules in OpenVPN tunnels, but per default normally tunnel is open any any. br stephan http://www.wolfsec.ch

Re: [pfSense] Openvpn site to site problem

2012-12-19 Thread Cristian Del Carlo
Hi, thanks for your help. My firewall rules are in both pfsense: Action: Pass Interface: Openvpn Protocol: Any Source: Any Destination: Any This is my routing from the firewall (without public IP): pfsense 1 - client: 10.0.8.1 link#10 UH 0 15 ovpnc2

Re: [pfSense] Openvpn site to site problem

2012-12-19 Thread WolfSec-Support
Maybe there are some fw rules there in LAN interface with similar IPs/networks? Some used this under 1.2.x and after upgrading to 2.x this caused issues. Onto routing: looks good. Here a similar setup of mine / 1 side: 192.168.253.13 link#13 UH 0 0 1500 ovpnc1

Re: [pfSense] Openvpn site to site problem

2012-12-19 Thread Vassilis V.
Hi! Try this: pfsense2 - server: Tunnel network: 10.0.8.0/30 (no need for /24 on site2site) pfsense1 - client: Tunnel network: 10.0.8.0/30 (You can even keep it empty) Keeping or removing the remote network on the client side shouldn't be important, the difference being that if you keep it,

Re: [pfSense] Openvpn site to site problem

2012-12-19 Thread Cristian Del Carlo
Hi, thanks for your help. Even in LAN I have: My firewall rules are in both pfsense: Action: Pass Interface: LAN Protocol: Any Source: Any Destination: Any If I ping the tunnel from a client it seems OK: ping 10.0.8.1 -- Ok ping 10.8.8.2 -- OK ping 192.168.8.X -- 100% packet loss Thanks.

Re: [pfSense] Openvpn site to site problem

2012-12-19 Thread bruno.deb...@cyberoso.com
Hello, You might need a firewall rule for the remote network in your LAN rules to force traffic to follow normal routing. In my case (2 WANs), I have a rule defining the default gateway for LAN traffic. To permit the traffic to remote VPN site, I have to add a rule earlier for the remote network

Re: [pfSense] Openvpn site to site problem

2012-12-19 Thread Cristian Del Carlo
Hi, even with 10.0.8.0/30 I have the same problem. Any other suggestions? 2012/12/19 Vassilis V. bigracc...@gmx.net: Hi! Try this: pfsense2 - server: Tunnel network: 10.0.8.0/30 (no need for /24 on site2site) pfsense1 - client: Tunnel network: 10.0.8.0/30 (You can even keep it empty)

Re: [pfSense] Openvpn site to site problem

2012-12-19 Thread Cristian Del Carlo
Sorry, I don't understand. In my case I have only one WAN, so which type of rule do I need? Do I need to force the packets to my tunnel network over the VPN even if my routing tables seem OK? My routing tables: 10.0.8.1 link#10 UH 08 ovpnc2 10.0.8.2 link#10

Re: [pfSense] Openvpn site to site problem

2012-12-19 Thread WolfSec-Support
To make sure: - is tunnel up? - can you ping from one pfsense the LAN IP of the other one? brgds stephan 2012/12/19 Cristian Del Carlo cristian.delca...@gmail.com Sorry, I don't understand. In my case I have only one WAN, so which type of rule do I need? Do I need to force the packets to my tunnel

Re: [pfSense] Openvpn site to site problem

2012-12-19 Thread Cristian Del Carlo
My tunnel is up. From a client I can ping the tunnel interfaces of my VPN but I can't reach the other network. # ping 10.0.8.1 - ok # ping 10.0.8.2 - ok # ping 192.168.8.10 - 100% packet loss From both firewalls I can ping all the networks: # ping 192.168.8.10 - Ok # ping 10.0.8.1 - ok # ping

Re: [pfSense] Openvpn site to site problem

2012-12-19 Thread WolfSec-Support
And the clients on each side can reach internet through their local pfsense? So GW info etc. is OK? Sometimes it's simply a typo etc. in mask/gw etc. Generally your setup seems to be fine. rgds stephan http://www.wolfsec.ch

Re: [pfSense] Openvpn site to site problem

2012-12-19 Thread bruno.deb...@cyberoso.com
OK, then no firewall rules forcing gateway, so let's try something else. Did you configure iroute? http://openvpn.net/index.php/open-source/documentation/howto.html#scope Read: Including multiple machines on the client side when using a routed VPN It might work :-p On Wed, 19 Dec 2012