However, there is absolutely no firewall entry at Site A that reflects traffic coming from the host on Site B's wireless network. That is, if I attempt to access a webpage on port 80 at Site A from Site B's Wireless network, the Site B firewall logs say that it is PASSING traffic from my wireless host to the server at Site A. One thing worth noting is that the firewall logs at remote ends are not displaying any activity.

Site B Wireless > Site A - doesn't work! unable to ping Site A's LAN router interface or host on network, even with host firewall disabled

Site B Wired > Site A - works! can ping router's interface and host on network (always has)

Site A > Site B Wired - works! (always has)

:pĬmb, here's a breakdown of every scenario I have tried… There was never a need to access the wireless network from the server net in the past, but it's better (and makes more sense) to have it anyway…as long as we can get this to work. On a side note, I was definitely missing the 10.10.20.0 route, though. I think that the router is attempting to send the traffic through the VPN interface, since if I attempt to traceroute a different subnet not in my network (for instance, 10.0.155.1), the router will just pass it out of its WAN interface. I cannot ping the VPN gateway (10.254.0.1) from Site B's wireless network, while a ping from the wired network succeeds. The Site B Wireless > Site A remote server traceroute times out at the second hop (should be 10.254.0.1), and the Site A > Site B Wireless traceroute times out at the second hop. I am still testing with a firewall rule at the top configured to "Pass" any traffic. However, I'm still unable to communicate between networks in either direction. I observed in the pfSense IPv4 routes table that the following route was added: I added that to the advanced options under the OpenVPN server settings and let the VPN connection re-establish itself.
**Note: the order of rules shown (allow all at the top) is only temporary for the purpose of diagnosing.** Here are some configuration screenshots from the router at “Site B” (VPN client). And here are the “Site A” (VPN server) OpenVPN firewall rules: And how could the same rule be passing traffic from the wired network but rejecting it from the wireless network? But what could that be? I have the firewall rules under the OpenVPN tab set the same for allowing both the wired and wireless traffic. However, something at Site A must be blocking. To me, it appears that pfSense at Site B is attempting to route the traffic over the VPN to 10.254.0.1. Wireless Tracing route to 10.0.10.1 over a maximum of 30 hops Wired Tracing route to 10.0.10.1 over a maximum of 30 hops As you can see, the wired wireless connection times out after hitting the incoming interface for the wireless network. Here is a traceroute comparison of wired versus wireless. I have checked the routes, and the route to 10.0.10.0/24 through the VPN connection appears there. I have tried setting all of the relevant firewall rules to allow ALL TRAFFIC from any source to any destination. I have made every attempt at troubleshooting this strange problem. I cannot remember making any changes that could have affected this, other than modifying a few firewall rules. For a whole year prior to that, Site B’s wireless network was always able to access Site A’s server subnet. Up until about two weeks ago, everything worked beautifully. The wired and wireless networks at Site B have no problems routing between each other. However, the Wireless network is unable to access anything across the VPN. The wired network at Site B has absolutely no problems accessing the servers at Site A. The OpenVPN server uses 10.254.0.0/24 as the tunnel network. Both networks at Site B must be able to access the server subnet at Site A via an OpenVPN site-to-site tunnel. Site A has servers on the subnet 10.0.10.0/24.
The router at Site A operates as an OpenVPN server, while the router at Site B is an OpenVPN client. I have two sites connected together by two routers running the latest stable release of pfSense. However, being that setting up a VPN properly involves all 3, I thought this was the best forum for my problem. I’m not sure if this is a VPN issue, a firewall issue, or a routing issue. I hope this is the appropriate forum for this issue.