to make sure:
- is the tunnel up?
- can you ping from one pfSense the LAN IP of the other one?

brgds
stephan

2012/12/19 Cristian Del Carlo <[email protected]>

> Sorry, I don't understand,
>
> in my case I have only a WAN, so which type of rule do I need?
>
> Do I need to force the packets to my tunnel network over the VPN even if
> my routing tables seem OK?
>
> My routing tables:
>
> 10.0.8.1           link#10            UH          0        8 ovpnc2
> 10.0.8.2           link#10            UHS         0        0 lo0
> 192.168.8.0/24     10.0.8.1           UGS         0       55 ovpnc2
> 192.168.9.0/24     link#2             U           0 38437351 em1
>
> Thanks,
>
> 2012/12/19 [email protected] <[email protected]>:
> > Hello,
> >
> > You might need a firewall rule for the remote network in your LAN rules
> > to force traffic to follow normal routing.
> >
> > In my case (2 WANs), I have a rule defining the default gateway for LAN
> > traffic. To permit the traffic to the remote VPN site, I have to add a rule
> > earlier for the remote network with no gateway so it will follow
> > normal routing.
> >
> > My 2 cents...
> >
> >
> > On Wed, 19 Dec 2012 14:39:36 +0100,
> > WolfSec-Support <[email protected]> wrote:
> >
> >> Maybe there are FW rules on the LAN interface with similar
> >> IPs/networks?
> >> Some used this under 1.2.x, and after upgrading to 2.x this caused
> >> issues.
> >>
> >> On to routing:
> >>
> >> looks good
> >>
> >> here is a similar setup of mine / 1 side:
> >>
> >> 192.168.253.13     link#13            UH          0          0  1500 ovpnc1
> >> 192.168.253.14     link#13            UHS         0          0 16384 lo0
> >> 192.168.0.0/16     192.168.253.13     UGS         0    4151616  1500 ovpnc1
> >> 192.168.242.0/24   link#1             U           0 1191195015  1500 vr0
> >>
> >>
> >> rgds
> >> stephan
> >>
> >>
> >>
> >> 2012/12/19 Cristian Del Carlo <[email protected]>
> >>
> >> > Hi,
> >> >
> >> > thanks for your help.
> >> >
> >> > My firewall rules are the same on both pfSense boxes:
> >> > Action: Pass
> >> > Interface: Openvpn
> >> > Protocol: Any
> >> > Source: Any
> >> > Destination: Any
> >> >
> >> > These are my routes from the firewall (without public IP):
> >> >
> >> > pfsense 1 - client:
> >> > 10.0.8.1           link#10            UH          0       15 ovpnc2
> >> > 10.0.8.2           link#10            UHS         0        0 lo0
> >> > 192.168.8.0/24     10.0.8.1           UGS         0       45 ovpnc2
> >> > 192.168.9.0/24     link#2             U           0 37598040 em1
> >> >
> >> > pfsense 2 - server:
> >> > 10.0.8.1           link#9             UHS         0        0 lo0
> >> > 10.0.8.2           link#9             UH          0       72 ovpns1
> >> > 192.168.8.0/24     link#2             U           0   229122 em1
> >> > 192.168.8.1        link#2             UHS         0        0 lo0
> >> > 192.168.9.0/24     10.0.8.2           UGS         0        1 ovpns1
> >> >
> >> > Could it be a routing problem?
> >> >
> >> >
> >> > 2012/12/19 WolfSec-Support <[email protected]>:
> >> > > Hi,
> >> > >
> >> > > do you have special rules in the VPN tunnel?
> >> > > make sure to open the OpenVPN ruleset as necessary
> >> > >
> >> > > this is "new" in 2.x; 1.2.x had no rules in OpenVPN tunnels
> >> > >
> >> > > but per default normally the tunnel is open any<>any
> >> > >
> >> > > br
> >> > > stephan
> >> > >
> >> > >
> >> > > _______________________________________________
> >> > > List mailing list
> >> > > [email protected]
> >> > > http://lists.pfsense.org/mailman/listinfo/list
> >> > >
> >> >
> >> > --
> >> > Cristian Del Carlo
> >> >
> >> > The text and any documents transmitted contain information
> >> > reserved for the indicated recipient. This e-mail is
> >> > confidential and its confidentiality is legally protected by
> >> > Legislative Decree 196 of 30/06/2003 (Privacy Protection Code).
> >> > Reading, copying or other unauthorized use, or any other action
> >> > arising from knowledge of this information, is strictly
> >> > prohibited. If you have received this document in error, you are
> >> > kindly requested to notify the sender immediately and to destroy
> >> > it immediately.
> >> >
> >>
>
> --
> Cristian Del Carlo
>

--
Stephan Wolf
WolfSec
Rairing 65
CH-8108 Dällikon
+41 43 536 1191
+41 76 566 8222
http://www.wolfsec.ch
_______________________________________________
List mailing list
[email protected]
http://lists.pfsense.org/mailman/listinfo/list
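
The multi-WAN behaviour described in the quoted reply, as an added example that is not part of the original thread: LAN rules are matched top-down, and a pass rule with a gateway set sends traffic to that gateway regardless of the routing table. The routes are the client-side ones quoted above; the `WAN2_GW` gateway name, the default route, the rule dictionaries and the function names are assumptions made for illustration.

```python
import ipaddress

# Client-side routes quoted in the thread: (destination, gateway, interface).
ROUTES = [
    ("10.0.8.1", "link#10", "ovpnc2"),
    ("192.168.8.0/24", "10.0.8.1", "ovpnc2"),
    ("192.168.9.0/24", "link#2", "em1"),
]

def route_lookup(dst, routes=ROUTES, default=("WAN_GW", "wan")):
    """Longest-prefix match over the routing table (default route is assumed)."""
    addr = ipaddress.ip_address(dst)
    best = None
    for net, gw, ifname in routes:
        n = ipaddress.ip_network(net)
        if addr in n and (best is None or n.prefixlen > best[0]):
            best = (n.prefixlen, gw, ifname)
    return best[1:] if best else default

def egress(dst, lan_rules):
    """First matching LAN pass rule wins; a rule gateway overrides the routes."""
    addr = ipaddress.ip_address(dst)
    for rule in lan_rules:
        if rule["dst"] == "any" or addr in ipaddress.ip_network(rule["dst"]):
            if rule["gateway"]:
                # Policy routing: the routing table is never consulted.
                return (rule["gateway"], "policy-routed")
            return route_lookup(dst)
    return None  # no pass rule matched, traffic is dropped

# Hypothetical multi-WAN LAN ruleset: everything is pinned to one gateway.
POLICY_ONLY = [{"dst": "any", "gateway": "WAN2_GW"}]
# Same ruleset with an earlier rule for the remote LAN and no gateway set.
WITH_VPN_RULE = [{"dst": "192.168.8.0/24", "gateway": None}] + POLICY_ONLY

if __name__ == "__main__":
    for name, rules in (("policy only", POLICY_ONLY), ("with VPN rule", WITH_VPN_RULE)):
        print(name, "->", egress("192.168.8.10", rules))
```

With only the policy rule, traffic for the remote LAN leaves through the WAN gateway even though the routing table points at the tunnel, which is why the table alone can look correct while the VPN carries nothing.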
