Steve,
What's netstat -lr say about your route? Pay specific attention to the
interface that the route is applied to. I ran into a really weird issue
with creating a static route yesterday and I'm going to try and
re-create it in my test environment today.
-Gary
Steve Harman wrote:
Thanks to Gary & Curtis for the replies. I've now upgraded us to 1.2 RC3!
As we don't yet have the proposed VPN appliance on site my query has been
semi-theoretical as I can't of course test anything properly yet, but what I'm
confused about is more to do with static routes themselves rather than a VPN.
Inside pfSense I've put in place a static route on our LAN interface which
should route traffic destined for 10.2.0.0/16 hosts in the direction of
192.168.3.253 - the VPN appliance when it arrives.
Obviously as it stands (no VPN appliance) nothing will successfully make it to the
remote network but I'm confused; issuing traceroute [to a host on the remote &
supposedly statically-routed 10.2.0.0 network] from a machine on our LAN subnet,
which is set to use the pfSense box as its gateway, does not appear to try
contacting 192.168.1.253 but instead leaves the building on our regular ADSL line
as per traffic destined for www.google.com or anything else:
# traceroute 10.2.0.10
traceroute to 10.2.0.10 (10.2.0.10), 30 hops max, 38 byte packets
1 213.121.207.nnn (213.121.207.nnn) 1.137 ms 1.113 ms 0.995 ms
2 * * *
3 *
(Where 213.121.207.nnn is our regular DSL gateway)
Any thoughts?
With my static route in place I'd have expected traceroute to report trying to
get to 192.168.3.253 and no further - as the VPN box isn't here yet - not
trying to leave the building in the normal way?
Thanks,
Steve
-----Original Message-----
From: Gary Buckmaster [mailto:[EMAIL PROTECTED]
Sent: 13 December 2007 15:11
To: [email protected]
Subject: Re: [pfSense Support] Static routes for a VPN - it's probably simple but....
Steve,
You really should not be running 1.0.1 anymore for production. There
have been literally thousands of bugs fixed (including a number of them
within the VPN implementations) and pfSense has had RCs out for quite
some time. Before you go too far down this road, you should really upgrade.
-Gary
Steve Harman wrote:
Hi!
\\ pfSense v1.0.1
We're having a VPN appliance thrust upon us by our newly acquired (!)
parent company, in order to provide site-to-site connectivity between
"us & them".
To reach the parent company's remote LANs at head-office I think I
need to add static routes on our pfSense box pointing to the locally
hosted VPN appliance which will then encrypt traffic destined to the
parent co's network ranges?
Thus;
pfSense > Static Routes:
Interface    Network        Gateway
LAN          10.1.0.0/16    192.168.1.253
Where "LAN" is the name of one of our local interfaces, 10.1.0.0/16
the remote network and 192.168.1.253 the address of the VPN appliance.
Do people think I'm on the right track with all this?
In readiness for the VPN box arriving I've actually put some static
routes in place and attempted traceroute to an address on one of the
remote networks from a machine on our LAN interface which the static
route is set up on.
Strangely though the output from traceroute shows packets attempting
to leave the building via our standard ADSL feed like anything else
and not trying to go via 192.168.1.253 the address of the soon to be
added VPN box. Is that what people would expect? The machine I'm
trying to trace from is definitely on the pfSense interface called
"LAN" where I created the static route.
I'm confused...
Many thanks,
Steve
Steve Harman
Envisional
E-mail: [EMAIL PROTECTED]
Web: http://www.envisional.com
Tel: +44 (0) 1223 372 400
Fax: +44 (0) 1223 372 401
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]