My tunnel is up. From a client I can ping the tunnel interfaces of my VPN but I can't reach the other network.

# ping 10.0.8.1 -> ok
# ping 10.0.8.2 -> ok
# ping 192.168.8.10 -> 100% packet lost

From both firewalls I can ping all the networks:

# ping 192.168.8.10 -> Ok
# ping 10.0.8.1 -> ok
# ping 10.0.8.2 -> ok
# ping 192.168.9.10 -> Ok

The problem seems to be only from the network to reach the other one.

Thanks for your help!

2012/12/19 WolfSec-Support <[email protected]>:
> to make sure:
> - is tunnel up ?
> - can you ping from one pfsense the lan ip of the other one ?
>
> brgds
>
> stephan
>
>
> 2012/12/19 Cristian Del Carlo <[email protected]>
>>
>> Sorry I don't understand,
>>
>> in my case I have only a WAN so which type of rule do I need?
>>
>> I need to force the packets to my tunnel network over the vpn even if
>> my routing tables seem ok?
>>
>> My routing tables:
>>
>> 10.0.8.1        link#10   UH   0  8         ovpnc2
>> 10.0.8.2        link#10   UHS  0  0         lo0
>> 192.168.8.0/24  10.0.8.1  UGS  0  55        ovpnc2
>> 192.168.9.0/24  link#2    U    0  38437351  em1
>>
>> Thanks,
>>
>> 2012/12/19 [email protected] <[email protected]>:
>> > Hello,
>> >
>> > You might need a firewall rule for the remote network in your lan rules
>> > to force traffic to follow normal routing.
>> >
>> > In my case (2 WANs), I have a rule defining the default gateway for lan
>> > traffic. To permit the traffic to remote vpn site, I have to add a rule
>> > earlier for the remote network with no gateway so it will follow
>> > normal routing.
>> >
>> > My 2 cents...
>> >
>> >
>> > On Wed, 19 Dec 2012 14:39:36 +0100,
>> > WolfSec-Support <[email protected]> wrote:
>> >
>> >> may there are any fw rules there in LAN interface with similar
>> >> IP's/networks ?
>> >> some used this under 1.2.x and after upgrading to 2.x this caused
>> >> issues.
>> >>
>> >> onto routing:
>> >>
>> >> looks good
>> >>
>> >> here a similar setup of mine / 1 side:
>> >>
>> >> 192.168.253.13    link#13         UH   0  0           1500   ovpnc1
>> >> 192.168.253.14    link#13         UHS  0  0           16384  lo0
>> >> 192.168.0.0/16    192.168.253.13  UGS  0  4151616     1500   ovpnc1
>> >> 192.168.242.0/24  link#1          U    0  1191195015  1500   vr0
>> >>
>> >>
>> >> rgds
>> >> stephan
>> >>
>> >>
>> >>
>> >> 2012/12/19 Cristian Del Carlo <[email protected]>
>> >>
>> >> > Hi,
>> >> >
>> >> > thanks for your help.
>> >> >
>> >> > My firewall rules are in both pfsense:
>> >> > Action: Pass
>> >> > Interface : Openvpn
>> >> > Protocol: Any
>> >> > Source: Any
>> >> > Destination: Any
>> >> >
>> >> > This are my routing from firewall ( without public ip ):
>> >> >
>> >> > pfsense 1 - client:
>> >> > 10.0.8.1        link#10   UH   0  15        ovpnc2
>> >> > 10.0.8.2        link#10   UHS  0  0         lo0
>> >> > 192.168.8.0/24  10.0.8.1  UGS  0  45        ovpnc2
>> >> > 192.168.9.0/24  link#2    U    0  37598040  em1
>> >> >
>> >> > pfsense 2 - server:
>> >> > 10.0.8.1        link#9    UHS  0  0       lo0
>> >> > 10.0.8.2        link#9    UH   0  72      ovpns1
>> >> > 192.168.8.0/24  link#2    U    0  229122  em1
>> >> > 192.168.8.1     link#2    UHS  0  0       lo0
>> >> > 192.168.9.0/24  10.0.8.2  UGS  0  1       ovpns1
>> >> >
>> >> > Could be a routing problem?
>> >> >
>> >> >
>> >> > 2012/12/19 WolfSec-Support <[email protected]>:
>> >> > > Hi,
>> >> > >
>> >> > > do you have special rules in VPN tunnel ?
>> >> > > make sure to open OpenVPN ruleset as necessary
>> >> > >
>> >> > > this is "new" in 2.x; 1.2.x. had no rules in OpenVPN tunnels
>> >> > >
>> >> > > but per default normally tunnel is open any<>any
>> >> > >
>> >> > > br
>> >> > > stephan
>> >> >
>> >> > --
>> >> > Cristian Del Carlo
>>
>> --
>> Cristian Del Carlo
>
> --
>
> Stephan Wolf
>
> WolfSec
> Rairing 65
> CH-8108 Dällikon
>
> +41 43 536 1191
> +41 76 566 8222
> http://www.wolfsec.ch

--
--------------------------------------------------------

Cristian Del Carlo

The text and any documents transmitted contain information reserved for the indicated recipient. This e-mail is confidential and its confidentiality is legally protected by Legislative Decree 196 of 30/06/2003 (Privacy Protection Code). Reading, copying or other unauthorized use, or any other action arising from knowledge of this information, is strictly prohibited. If you have received this document in error, you are kindly asked to notify the sender immediately and to destroy it immediately.

--------------------------------------------------------
_______________________________________________
List mailing list
[email protected]
http://lists.pfsense.org/mailman/listinfo/list
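
The routing check discussed in this thread, as an added example that is not part of any poster's message: it parses the two routing tables posted above and does a longest-prefix lookup in each direction. The function names and the `ovpn` interface-prefix test are assumptions made for this example.

```python
import ipaddress

# Routing tables as posted in the thread
# (columns: destination, gateway, flags, refs, use, netif).
CLIENT = """\
10.0.8.1        link#10   UH   0  15        ovpnc2
10.0.8.2        link#10   UHS  0  0         lo0
192.168.8.0/24  10.0.8.1  UGS  0  45        ovpnc2
192.168.9.0/24  link#2    U    0  37598040  em1
"""
SERVER = """\
10.0.8.1        link#9    UHS  0  0       lo0
10.0.8.2        link#9    UH   0  72      ovpns1
192.168.8.0/24  link#2    U    0  229122  em1
192.168.8.1     link#2    UHS  0  0       lo0
192.168.9.0/24  10.0.8.2  UGS  0  1       ovpns1
"""

def parse_routes(text):
    """Return [(network, gateway, netif)]; a bare address is a /32 host route."""
    routes = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 6:
            continue  # skip blank or truncated lines
        routes.append((ipaddress.ip_network(fields[0]), fields[1], fields[-1]))
    return routes

def lookup(routes, addr):
    """Longest-prefix match over the table; None if no route covers addr."""
    ip = ipaddress.ip_address(addr)
    hits = [r for r in routes if ip in r[0]]
    return max(hits, key=lambda r: r[0].prefixlen, default=None)

def path_ok(src_routes, dst_routes, src_ip, dst_ip, tunnel_prefix="ovpn"):
    """True if the forward and the return route both leave via an OpenVPN interface."""
    fwd = lookup(src_routes, dst_ip)
    back = lookup(dst_routes, src_ip)
    return all(r is not None and r[2].startswith(tunnel_prefix) for r in (fwd, back))

if __name__ == "__main__":
    client, server = parse_routes(CLIENT), parse_routes(SERVER)
    print("client -> 192.168.8.10:", lookup(client, "192.168.8.10"))
    print("server -> 192.168.9.10:", lookup(server, "192.168.9.10"))
    print("symmetric via tunnel:", path_ok(client, server, "192.168.9.10", "192.168.8.10"))
```

A `True` result only says the kernel routes on the two firewalls agree in both directions; it does not cover LAN firewall rules that set a gateway, which the thread names as a way traffic can be steered away from normal routing.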
