Netgate Discussion Forum

    Skype on local subnet problem and Webconfigurator access

    General pfSense Questions
    7 Posts 3 Posters 2.6k Views
    • K
      kiolul

      Hi everyone,

      I have a project to replace an old ISA Server with a pfSense + Squid + SquidGuard solution.
      I have installed a lab environment (cf. attachment) which works great on my local subnet attached to my LAN card (everything is OK).
      But I have problems with the subnet on a secondary site connected to the primary by a LAN-to-LAN link.
      Site A: 10.1.0.0/16
      Site B: 10.80.0.0/16
      Web access works great on site B but the users can't connect to Skype… and the admin can't connect to WebConfigurator.
      At the beginning I thought it was a firewall issue, but all ports are open from/to this subnet.
      Thanks for your help.
      ![Network Diagram.png](/public/imported_attachments/1/Network Diagram.png)

      • W
        wallabybob

        Possibly your pfSense box doesn't have a route to 10.80.0.0/16.

        • K
          kiolul

          Thanks for your answer.
          I have added a static route to 10.80.0.0/16 with the same gateway as the LAN interface and now I can access the WebConfigurator interface, but Skype does not connect anyway.

          • W
            wallabybob

            @kiolul:

            now I can access the WebConfigurator interface but skype does not connect anyway.

            Can you access (say) http://en.wikipedia.org from the 10.80.0.0/16 subnet? If not, what does the browser report when access is attempted?

            Does your pfSense box perform NAT?

            What does Skype report when access from the 10.80.0.0/16 subnet is attempted?

            • K
              kiolul

              Yes, I always had access to HTTP and HTTPS sites on subnet 10.80.0.0/16, with and without the static route. The static route permitted access to the WebConfigurator from this subnet.
              The pfSense box performs automatic outbound NAT only.
              Skype reports only a generic message like "Skype can't connect".
              Thx.

              gw_pfsense.PNG
              route_pfsense.PNG

              • P
                phil.davis

                I suppose:
                The site B LAN has a router gateway address managed by the LANtoLANbyISP - e.g. 10.80.0.1/16 ; and
                SiteB Client has that set as its default gateway (and maybe also DNS server?); and
                LANtoLANbyISP router setup knows that its default route to the internet is to your pfSense in SiteA; and
                Your pfSense has a rule on LAN that allows traffic from 10.80.0.0/16 to any (or any to any)

                Can you access any other non-http/https from SiteB? (ping 8.8.8.8)
                I am thinking that the Squid proxy in the middle might be making your http/https work: it does the www requests on your behalf, then can return them to you internally, but for other things either the routing or firewall rules are not letting things connect up.

                As the Greek philosopher Isosceles used to say, "There are 3 sides to every triangle."
                If I helped you, then help someone else - buy someone a gift from the INF catalog http://secure.inf.org/gifts/usd/

                • K
                  kiolul

                  I decided to restart the configuration of my pfSense from scratch and I found the problem.
                  During the initial configuration I installed numerous packages to test, like HAVP etc…, and they corrupted my Squid conf with options in the "custom options" field.
                  So I have removed it and now keep only Squid and SquidGuard.
                  Thanks for your help.

                  Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.