Re: [pfSense] multi-tunnel routing

2012-01-04 Thread Chris Buechler
On Thu, Jan 5, 2012 at 12:27 AM, Andrew Mitchell
 wrote:
> OK, I have added:
>
> route 192.168.16.0 255.255.255.0;
> route 192.168.15.0 255.255.255.0;
> route 192.168.8.0 255.255.255.0;
> route 192.168.7.0 255.255.255.0;
> route 192.168.1.0 255.255.255.0;
>
> to the 10.0.7.1 server.
>
> Now, a traceroute shows that traffic is sent down the tunnel but it dies 1 hop
> later:
>
> Tracing route to 192.168.16.10 over a maximum of 30 hops
>
>   1 1 ms 1 ms 2 ms  watchdog.snarrow.com [10.0.7.1]
>   2    76 ms    73 ms    77 ms  10.8.1.2
>   3 *    *    * Request timed out.
>   4 *    *    * Request timed out.
>   5 * ^C
>
> Nothing shows up in the firewall on the destination side of the tunnel.
>
> I can't figure out where I have gone wrong. I would appreciate any advice.
>

You need a return route on the other end as well.
___
List mailing list
List@lists.pfsense.org
http://lists.pfsense.org/mailman/listinfo/list


Re: [pfSense] multi-tunnel routing

2012-01-04 Thread Andrew Mitchell
OK, I have added:

route 192.168.16.0 255.255.255.0;
route 192.168.15.0 255.255.255.0;
route 192.168.8.0 255.255.255.0;
route 192.168.7.0 255.255.255.0;
route 192.168.1.0 255.255.255.0;

to the 10.0.7.1 server.

Now, a traceroute shows that traffic is sent down the tunnel but it dies 1 hop
later:

Tracing route to 192.168.16.10 over a maximum of 30 hops

  1 1 ms 1 ms 2 ms  watchdog.snarrow.com [10.0.7.1]
  2    76 ms    73 ms    77 ms  10.8.1.2
  3     *        *        *     Request timed out.
  4     *        *        *     Request timed out.
  5 * ^C

Nothing shows up in the firewall on the destination side of the tunnel.

I can't figure out where I have gone wrong. I would appreciate any advice.

Thanks,

Andrew

On Mon, Jan 2, 2012 at 8:04 AM, John Busch  wrote:

> On Thu, Dec 29, 2011 at 5:50 AM, Andrew Mitchell
>  wrote:
> > I have 2 pfSense boxes on a peer-to-peer shared-key OpenVPN tunnel. The
> LAN
> > on the server is 10.0.7.0/24. The LAN on the client is 192.168.1.0/24.
> > Server and client have bidirectional traffic just fine.
> >
> > The client has multiple separate peer-to-peer shared-key OpenVPN tunnels
> > to which it is also connected: 192.168.15.0/24, 192.168.16.0/24,
> > 192.168.0.0/24, 192.168.7.0/24 and 192.168.8.0/24. All of those tunnels
> have
> > bidirectional traffic with the client just fine. Further,
> 192.168.16.0/24
> > cannot see 192.168.0.0/24 (for example) and vice versa. This is the
> exact
> > functionality I am looking for between those subnets on the other side of
> > the client.
> >
> > However, I would like to be able to establish at least one way
> communication
> > between the server (10.0.7.0/24) and the 192.168.15.0/24,
> 192.168.16.0/24,
> > 192.168.0.0/24, 192.168.7.0/24 and 192.168.8.0/24 subnets using the
> existing
> > server/client tunnel. Nothing I have tried seems to work.
> >
> > I would be grateful for any advice.
> >
> > Thanks,
> >
> > Andrew
>
> Have you tried adding an additional route statement in the advanced
> field on the server's OpenVPN config page?  For example, adding
>
> route 192.168.15.0 255.255.255.0;
>
> will route server packets destined to that network across the OpenVPN
> tunnel.  If IP forwarding on the client is enabled, it will look at
> its routing table and forward the packet appropriately.  Adding a
> statement like this for each of your listed subnets to the server's
> OpenVPN config page should achieve your objective.  Adding a similar
> statement of
>
> route 10.0.7.0 255.255.255.0;
>
> to the 192.168.15.0/24 OpenVPN configuration will ensure
> bi-directional traffic.  This statement would need to be in the
> OpenVPN config of each of the subnets you listed above.
>
> http://openvpn.net/index.php/manuals/427-openvpn-22.html
>
> - John


Re: [pfSense] multi-tunnel routing

2012-01-02 Thread John Busch
On Thu, Dec 29, 2011 at 5:50 AM, Andrew Mitchell
 wrote:
> I have 2 pfSense boxes on a peer-to-peer shared-key OpenVPN tunnel. The LAN
> on the server is 10.0.7.0/24. The LAN on the client is 192.168.1.0/24.
> Server and client have bidirectional traffic just fine.
>
> The client has multiple separate peer-to-peer shared-key OpenVPN tunnels
> to which it is also connected: 192.168.15.0/24, 192.168.16.0/24,
> 192.168.0.0/24, 192.168.7.0/24 and 192.168.8.0/24. All of those tunnels have
> bidirectional traffic with the client just fine. Further, 192.168.16.0/24
> cannot see 192.168.0.0/24 (for example) and vice versa. This is the exact
> functionality I am looking for between those subnets on the other side of
> the client.
>
> However, I would like to be able to establish at least one way communication
> between the server (10.0.7.0/24) and the 192.168.15.0/24, 192.168.16.0/24,
> 192.168.0.0/24, 192.168.7.0/24 and 192.168.8.0/24 subnets using the existing
> server/client tunnel. Nothing I have tried seems to work.
>
> I would be grateful for any advice.
>
> Thanks,
>
> Andrew

Have you tried adding an additional route statement in the advanced
field on the server's OpenVPN config page?  For example, adding

route 192.168.15.0 255.255.255.0;

will route server packets destined to that network across the OpenVPN
tunnel.  If IP forwarding on the client is enabled, it will look at
its routing table and forward the packet appropriately.  Adding a
statement like this for each of your listed subnets to the server's
OpenVPN config page should achieve your objective.  Adding a similar
statement of

route 10.0.7.0 255.255.255.0;

to the 192.168.15.0/24 OpenVPN configuration will ensure
bi-directional traffic.  This statement would need to be in the
OpenVPN config of each of the subnets you listed above.

http://openvpn.net/index.php/manuals/427-openvpn-22.html

- John
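To make the forward/return asymmetry concrete (John's explanation above and Chris's "you need a return route on the other end" later in the thread), here is an added routing simulation; it is not code from the thread, pfSense or OpenVPN. The subnets are the thread's; the node names server/client/site16 and the 10.8.1.0/24 tunnel prefix (10.8.1.2 is the client end in the traceroute) are assumptions. With only the server-side `route` lines the request reaches the site but the reply has no route back, which is exactly what a silent hop 3 looks like.

```python
import ipaddress

# Constructed model of the thread's topology (an added illustration, not a real
# pfSense config): server LAN 10.0.7.0/24 and client LAN 192.168.1.0/24 joined by
# the 10.8.1.0/24 tunnel, with site16 (192.168.16.0/24) behind a second tunnel to
# the client. Each table is a list of (prefix, next_hop); next_hop None means the
# prefix is directly connected and the packet is delivered there.
def topology(return_route):
    tables = {
        "server": [("10.0.7.0/24", None), ("10.8.1.0/24", None),
                   ("192.168.1.0/24", "client"),
                   ("192.168.16.0/24", "client")],   # 'route 192.168.16.0 255.255.255.0'
        "client": [("192.168.1.0/24", None), ("10.8.1.0/24", None),
                   ("10.0.7.0/24", "server"), ("192.168.16.0/24", "site16")],
        "site16": [("192.168.16.0/24", None)],
    }
    if return_route:   # John's 'route 10.0.7.0 255.255.255.0' on the site's tunnel
        tables["site16"].append(("10.0.7.0/24", "client"))
    return tables

def lookup(table, dst):
    """Longest-prefix match: (prefix, next_hop), or None when no route exists."""
    addr = ipaddress.ip_address(dst)
    matches = [(ipaddress.ip_network(p), nh) for p, nh in table
               if addr in ipaddress.ip_network(p)]
    if not matches:
        return None
    net, nh = max(matches, key=lambda m: m[0].prefixlen)
    return str(net), nh

def trace(tables, start, dst, max_hops=8):
    """Forward one packet node by node; returns (path, delivered)."""
    path, node = [start], start
    for _ in range(max_hops):
        hit = lookup(tables[node], dst)
        if hit is None:
            return path, False    # no route: dropped silently, like hop 3 in the traceroute
        if hit[1] is None:
            return path, True     # destination network is directly connected here
        node = hit[1]
        path.append(node)
    return path, False            # loop guard

def round_trip(tables, src_node, src_ip, dst_node, dst_ip):
    """A ping works only if the request AND the reply each find a route."""
    request = trace(tables, src_node, dst_ip)
    reply = trace(tables, dst_node, src_ip)
    return request, reply        # each is (path, delivered)
```

Run `round_trip(topology(False), "server", "10.0.7.5", "site16", "192.168.16.10")` and the reply path stops at site16; flip the flag to True and it comes back via client and server.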


[pfSense] multi-tunnel routing

2011-12-29 Thread Andrew Mitchell
I have 2 pfSense boxes on a peer-to-peer shared-key OpenVPN tunnel. The LAN
on the server is 10.0.7.0/24. The LAN on the client is 192.168.1.0/24.
Server and client have bidirectional traffic just fine.

The client has multiple separate peer-to-peer shared-key OpenVPN tunnels
to which it is also connected: 192.168.15.0/24, 192.168.16.0/24,
192.168.0.0/24, 192.168.7.0/24 and 192.168.8.0/24. All of those tunnels
have bidirectional traffic with the client just fine. Further,
192.168.16.0/24 cannot see 192.168.0.0/24 (for example) and vice versa.
This is the exact functionality I am looking for between those subnets on
the other side of the client.

However, I would like to be able to establish at least one way
communication between the server (10.0.7.0/24) and the 192.168.15.0/24,
192.168.16.0/24, 192.168.0.0/24, 192.168.7.0/24 and 192.168.8.0/24 subnets
using the existing server/client tunnel. Nothing I have tried seems to work.

I would be grateful for any advice.

Thanks,

Andrew