interface work al 80%
-
@johnpoz Yes, the network is made as you did the scheme. When I connect to wifi the dhcp gives me the 192.168.110.x network and I can ping the 192.168.2.x network but I don't pin the 192.168.3.x network, not even the site 1 network pfsense. LAN the dhcp gives me the ip 192.168.2.x and from there I can ping the network of site 1.
-
might be best to take screenshots of your firewall rules on the WIFI tab
also screenshots of your VPN-server configuration.screenshots of the routing table on both pfsense might help.
-
Seems like you probably have a missing route to 192.168.110.x at the remote site.
Bit it could also be a missing firewall rule somewhere.
Steve
-
@stephenw10 here are the rules
-
And the rules and routes at the remote site?
-
-
@miami71it this is not 192.168.110/24
So how would the site know to go back down the tunnel to get to 192.168.110? I specifically asked you this very question - and you said it was correct, clearly not from your screenshot.
-
@johnpoz that ip is from another network
but sorry, but if I connect with the cable it works because it doesn't work with wifi? even without local network rules? -
Check Diag > Routes at the remote site. Does it have a route back to 192.168.110.x?
-
@miami71it said in interface work al 80%:
that ip is from another network
You are not telling your site where to go to get to a 192.168.110 network - so NO its never going to work - ever.. The site doesn't know how to get to a 192.168.110 network, so it sends it out its default gateway.
You tell it how to get to 192.168.2, so as I stated before tell it how to get to 192.168.110
-
@johnpoz sorry but I don't want to be insistent, I understand what you are saying, I have to put 192.168.110.0/24 in the local network, this is very clear to me but before doing it I wanted to understand how but if I connect with the LAN cable it works and with WIFI it doesn't, that was what I was trying to understand
-
@miami71it said in interface work al 80%:
I have to put 192.168.110.0/24 in the local network
When - sure wasn't in your screenshot
If you plug in with a cable you are on the 192.168.2 network.. Sorry but with 192.168.3 site not knowing how to get to 192.168.110 there is no possible way it worked with a wire connected and client getting 192.168.110.x address..
Doesn't matter if your wired or wireless, without a route to 192.168.110 there is no way it was working.
If you plug in and get a 192.168.2.x address - then sure you told the other side how to get to 192.168..2 via coming down the tunnel.
-
@johnpoz 369 / 5.000
Risultati della traduzione
ok now you have clarified my ideas.
in fact from site 1 in the remote network there is the network 192.168.2.x, so I have to put them also the 110, in practice it comes out like this
192.168.2.0/24, 192.168.110.0/24doing so now I pingo
I apologize again, I understood what you wanted me to do, but I wanted to understand the motivation, it is also done to learn :)
now I have learned
a thousand thanks -
Yup, a route must exist both ways.
