Thanks to Gary & Curtis for the replies. I've now upgraded us to 1.2 RC3!

As we don't yet have the proposed VPN appliance on site, my query has been semi-theoretical, as I can't of course test anything properly yet, but what I'm confused about is more to do with static routes themselves rather than a VPN.

Inside pfSense I've put in place a static route on our LAN interface which should route traffic destined for 10.2.0.0/16 hosts in the direction of 192.168.3.253 - the VPN appliance when it arrives.

Obviously as it stands (no VPN appliance) nothing will successfully make it to the remote network, but I'm confused; issuing traceroute [to a host on the remote & supposedly statically-routed 10.2.0.0 network] from a machine on our LAN subnet, which is set to use the pfSense box as its gateway, does not appear to try contacting 192.168.1.253 but instead leaves the building on our regular ADSL line as per traffic destined for www.google.com or anything else:

    # traceroute 10.2.0.10
    traceroute to 10.2.0.10 (10.2.0.10), 30 hops max, 38 byte packets
     1  213.121.207.nnn (213.121.207.nnn)  1.137 ms  1.113 ms  0.995 ms
     2  * * *
     3  *

(Where 213.121.207.nnn is our regular DSL gateway)

Any thoughts? With my static route in place I'd have expected traceroute to report trying to get to 192.168.3.253 and no further - as the VPN box isn't here yet - not trying to leave the building in the normal way?

Thanks,

Steve

-----Original Message-----
From: Gary Buckmaster [mailto:[EMAIL PROTECTED]
Sent: 13 December 2007 15:11
To: [email protected]
Subject: Re: [pfSense Support] Static routes for a VPN - it's probably simple but....

Steve,

You really should not be running 1.0.1 anymore for production. There have been literally thousands of bugs fixed (including a number of them within the VPN implementations) and pfSense has had RCs out for quite some time. Before you go too far down this road, you should really upgrade.

-Gary

Steve Harman wrote:
> Hi!
>
> \\ pfSense v1.0.1
>
> We're having a VPN appliance thrust upon us by our newly acquired (!)
> parent company, in order to provide site-to-site connectivity between
> "us & them".
>
> To reach the parent company's remote LANs at head-office I think I
> need to add static routes on our pfSense box pointing to the locally
> hosted VPN appliance which will then encrypt traffic destined to the
> parent co's network ranges?
>
> Thus;
>
> pfSense > Static Routes:
>
> Interface   Network        Gateway
> LAN         10.1.0.0/16    192.168.1.253
>
> Where "LAN" is the name of one of our local interfaces, 10.1.0.0/16
> the remote network and 192.168.1.253 the address of the VPN appliance.
> Do people think I'm on the right track with all this?
>
> In readiness for the VPN box arriving I've actually put some static
> routes in place and attempted traceroute to an address on one of the
> remote networks from a machine on our LAN interface which the static
> route is set up on.
>
> Strangely though the output from traceroute shows packets attempting
> to leave the building via our standard ADSL feed like anything else
> and not trying to go via 192.168.1.253, the address of the soon to be
> added VPN box. Is that what people would expect? The machine I'm
> trying to trace from is definitely on the pfSense interface called
> "LAN" where I created the static route.
>
> I'm confused...
>
> Many thanks,
>
> Steve
>
> Steve Harman
> Envisional
