[pfSense] multi-tunnel routing

Andrew Mitchell andrew.mitchell at wdidata.net
Thu Jan 5 00:27:09 EST 2012


OK, I have added:

route 192.168.16.0 255.255.255.0;
route 192.168.15.0 255.255.255.0;
route 192.168.8.0 255.255.255.0;
route 192.168.7.0 255.255.255.0;
route 192.168.1.0 255.255.255.0;

to the 10.0.7.1 server.

Now, a traceroute shows that traffic is sent down the tunnel but it dies 1 hop
later:

Tracing route to 192.168.16.10 over a maximum of 30 hops

  1     1 ms     1 ms     2 ms  watchdog.snarrow.com [10.0.7.1]
  2    76 ms    73 ms    77 ms  10.8.1.2
  3     *        *        *     Request timed out.
  4     *        *        *     Request timed out.
  5     *     ^C

Nothing shows up in the firewall on the destination side of the tunnel.

I can't figure out where I have gone wrong. I would appreciate any advice.

Thanks,

Andrew

On Mon, Jan 2, 2012 at 8:04 AM, John Busch <jbusch175 at gmail.com> wrote:

> On Thu, Dec 29, 2011 at 5:50 AM, Andrew Mitchell
> <andrew.mitchell at wdidata.net> wrote:
> > I have 2 pfSense boxes on a peer-to-peer shared-key OpenVPN tunnel. The
> > LAN on the server is 10.0.7.0/24. The LAN on the client is 192.168.1.0/24.
> > Server and client have bidirectional traffic just fine.
> >
> > The client has multiple separate peer-to-peer shared-key OpenVPN tunnels
> > to which it is also connected: 192.168.15.0/24, 192.168.16.0/24,
> > 192.168.0.0/24, 192.168.7.0/24 and 192.168.8.0/24. All of those tunnels
> > have bidirectional traffic with the client just fine. Further,
> > 192.168.16.0/24 cannot see 192.168.0.0/24 (for example) and vice versa.
> > This is the exact functionality I am looking for between those subnets on
> > the other side of the client.
> >
> > However, I would like to be able to establish at least one way
> > communication between the server (10.0.7.0/24) and the 192.168.15.0/24,
> > 192.168.16.0/24, 192.168.0.0/24, 192.168.7.0/24 and 192.168.8.0/24
> > subnets using the existing server/client tunnel. Nothing I have tried
> > seems to work.
> >
> > I would be grateful for any advice.
> >
> > Thanks,
> >
> > Andrew
>
> Have you tried adding an additional route statement in the advanced
> field on the server's OpenVPN config page?  For example, adding
>
> route 192.168.15.0 255.255.255.0;
>
> will route server packets destined to that network across the OpenVPN
> tunnel.  If IP forwarding on the client is enabled, it will look at
> its routing table and forward the packet appropriately.  Adding a
> statement like this for each of your listed subnets to the server's
> OpenVPN config page should achieve your objective.  Adding a similar
> statement of
>
> route 10.0.7.0 255.255.255.0;
>
> to the 192.168.15.0/24 OpenVPN configuration will ensure
> bi-directional traffic.  This statement would need to be in the
> OpenVPN config of each of the subnets you listed above.
>
> http://openvpn.net/index.php/manuals/427-openvpn-22.html
>
> - John
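The following is an added example, not code from either poster: a small Python model of the hub-and-spoke routing the thread describes. It models three boxes (the 10.0.7.0/24 server, the client, and the 192.168.16.0/24 spoke), each with a routing table resolved by longest-prefix match, and traces a packet from the server to the spoke and the reply back. With only the server-side `route 192.168.16.0 255.255.255.0;` added, the forward packet is delivered but the reply has no route for 10.0.7.0/24 and falls to the spoke's default gateway, which is consistent with a traceroute answering at the client's tunnel address and timing out one hop later. Adding the return route John describes (`route 10.0.7.0 255.255.255.0;` on the spoke tunnel) completes the round trip. Node names, the single "wan" sink and the transit-forwarding flag are constructed for the model; the subnets are the thread's.

```python
"""Route-table model for the pfSense/OpenVPN hub-and-spoke thread.

Added example, not code from the thread. Each Node holds (network, next hop)
routes; next hop is another node name, "local" for a directly attached LAN,
or "wan" for the default route (a sink that never reaches the hub).
"""
import ipaddress
from dataclasses import dataclass, field

Net = ipaddress.IPv4Network


@dataclass
class Node:
    name: str
    forwarding: bool = True          # IP forwarding on a transit box
    routes: list = field(default_factory=list)

    def add(self, cidr, via):
        self.routes.append((Net(cidr), via))
        return self


def lookup(node, dst):
    """Longest-prefix match over the node's table; returns next hop or None."""
    best = None
    for net, via in node.routes:
        if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, via)
    return best[1] if best else None


def trace(nodes, start, dst_ip, max_hops=8):
    """Follow one packet from node `start` toward dst_ip.

    Returns the node names visited, ending in "DELIVERED" or a drop reason."""
    dst = ipaddress.IPv4Address(dst_ip)
    path, here = [], start
    for _ in range(max_hops):
        node = nodes[here]
        path.append(here)
        if path[:-1] and not node.forwarding:      # transit box, forwarding off
            return path + ["DROP: forwarding disabled"]
        via = lookup(node, dst)
        if via is None:
            return path + ["DROP: no route"]
        if via == "local":
            return path + ["DELIVERED"]
        if via == "wan":
            return path + ["DROP: sent to default gateway (private address)"]
        here = via
    return path + ["DROP: hop limit"]


def build(with_return_route):
    """Build the three-box topology from the thread (names are constructed)."""
    server = Node("server").add("10.0.7.0/24", "local").add("0.0.0.0/0", "wan")
    client = Node("client").add("192.168.1.0/24", "local").add("0.0.0.0/0", "wan")
    spoke16 = Node("spoke16").add("192.168.16.0/24", "local").add("0.0.0.0/0", "wan")
    # Tunnels that already carry bidirectional traffic, per the thread
    server.add("192.168.1.0/24", "client")
    client.add("10.0.7.0/24", "server")
    client.add("192.168.16.0/24", "spoke16")
    spoke16.add("192.168.1.0/24", "client")
    # What Andrew added on the server: route 192.168.16.0 255.255.255.0;
    server.add("192.168.16.0/24", "client")
    if with_return_route:
        # What John's reply calls for on the spoke tunnel: route 10.0.7.0 255.255.255.0;
        spoke16.add("10.0.7.0/24", "client")
    return {n.name: n for n in (server, client, spoke16)}


def round_trip(with_return_route):
    """Forward path server -> spoke LAN host, and the reply back to the hub."""
    nodes = build(with_return_route)
    fwd = trace(nodes, "server", "192.168.16.10")
    rev = trace(nodes, "spoke16", "10.0.7.1")
    return fwd, rev


if __name__ == "__main__":
    for fixed in (False, True):
        fwd, rev = round_trip(fixed)
        print("return route on spoke:", fixed)
        print("  server -> 192.168.16.10:", " > ".join(fwd))
        print("  192.168.16.x -> 10.0.7.1:", " > ".join(rev))
```

The model also makes the forwarding caveat from the reply concrete: clearing `forwarding` on the client node drops the packet at the client even when every route is present, which is the other thing to check on the client pfSense box (its routes and firewall rules on the OpenVPN interface) when the traceroute stops right after its tunnel address.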