[pfSense] multi-tunnel routing
andrew.mitchell at wdidata.net
Thu Jan 5 00:27:09 EST 2012
OK, I have added:
route 192.168.16.0 255.255.255.0;
route 192.168.15.0 255.255.255.0;
route 192.168.8.0 255.255.255.0;
route 192.168.7.0 255.255.255.0;
route 192.168.1.0 255.255.255.0;
to the 10.0.7.1 server.
Now, a traceroute shows that traffic sent down the tunnel but it dies 1 hop
Tracing route to 192.168.16.10 over a maximum of 30 hops
1 1 ms 1 ms 2 ms watchdog.snarrow.com [10.0.7.1]
2 76 ms 73 ms 77 ms 10.8.1.2
3 * * * Request timed out.
4 * * * Request timed out.
5 * ^C
Nothing shows up in the firewall on the destination side of the tunnel.
I can't figure out where I have gone wrong. I would appreciate any advise.
On Mon, Jan 2, 2012 at 8:04 AM, John Busch <jbusch175 at gmail.com> wrote:
> On Thu, Dec 29, 2011 at 5:50 AM, Andrew Mitchell
> <andrew.mitchell at wdidata.net> wrote:
> > I have 2 pfSense boxes on a peer-to-peer shared-key OpenVPN tunnel. The
> > on the server is 10.0.7.0/24. The LAN on the client is 192.168.1.0/24.
> > Server and client have bidirectional traffic just fine.
> > The client has multiple seperate peer-to-peer shared-key OpenVPN tunnels
> > tunnels to which it is also connected: 192.168.15.0/24, 192.168.16.0/24,
> > 192.168.0.0/24, 192.168.7.0/24 and 192.168.8.0/24. All of those tunnels
> > bidirectional traffic with the client just fine. Further,
> > can not see 192.168.0.0/24 (for example) and vice versa. This is the
> > functionality I am looking for between those subnets on the other side of
> > the client.
> > However, I would like to be able to establish at least one way
> > between the server (10.0.7.0/24) and the 192.168.15.0/24,
> > 192.168.0.0/24, 192.168.7.0/24 and 192.168.8.0/24 subnets using the
> > server/client tunnel. Nothing I have tried seems to work.
> > I would be grateful for any advise.
> > Thanks,
> > Andrew
> Have you tried adding an additional route statement in the advanced
> field on the server's OpenVPN config page? For example, adding
> route 192.168.15.0 255.255.255.0;
> will route server packets destined to that network across the OpenVPN
> tunnel. If IP forwarding on the client is enabled, it will look at
> its routing table and forward the packet appropriately. Adding a
> statement like this for each of your listed subnets to the server's
> OpenVPN config page should achieve your objective. Adding a similar
> statement of
> route 10.0.7.0 255.255.255.0;
> to the 192.168.15.0/24 OpenVPN configuration will ensure
> bi-directional traffic. This statement would need to be in the
> OpenVPN config of each of the subnets you listed above.
> - John
> List mailing list
> List at lists.pfsense.org
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the List