    Update pfsense 2.0.1 stable to 2.1 problem with routes

      maykel535

      Yes, If correct. Example:

      LAN: 10.0.0.1/16

      ROUTES:

      NETWORK: 192.168.1.0/16

      netstat -ar

      192.168.1.0/16    10.0.0.4      UGS        0        0    em0

      The IP 192.168.1.20 is the IP of the remote IPsec VPN, but I add the route on my Linux machine and it works fine.

      EXAMPLES:

      PING FROM PFSENSE:

      [2.1-RELEASE][admin@pfsense]/root(6): ping 192.168.1.20
      PING 192.168.1.20 (192.168.1.20): 56 data bytes
      64 bytes from 192.168.1.20: icmp_seq=2 ttl=127 time=34.671 ms
      64 bytes from 192.168.1.20: icmp_seq=3 ttl=127 time=31.521 ms
      64 bytes from 192.168.1.20: icmp_seq=4 ttl=127 time=30.963 ms
      64 bytes from 192.168.1.20: icmp_seq=5 ttl=127 time=22.719 ms
      ^C
      --- 192.168.1.20 ping statistics ---
      6 packets transmitted, 4 packets received, 33.3% packet loss
      round-trip min/avg/max/stddev = 22.719/29.968/34.671/4.418 ms

      TRACEROUTE FROM PFSENSE TO HOST ROUTE:

      [2.1-RELEASE][admin@pfsense]/root(7): traceroute 192.168.1.20
      traceroute to 192.168.1.20 (192.168.1.20), 64 hops max, 52 byte packets
      1  10.0.0.4 (10.0.0.4)  7.204 ms  8.604 ms  7.758 ms
      2  192.168.1.20 (192.168.1.20)  25.165 ms  76.467 ms  25.152 ms

      PING TO HOST FROM HOST LAN(Opensuse), MY PC FOR EXAMPLE:

      linux-r1m0:~ # ping 192.168.1.20
      PING 192.168.1.20 (192.168.1.20) 56(84) bytes of data.

      linux-r1m0:~ # traceroute 192.168.1.20
      traceroute to 192.168.1.20 (192.168.1.20), 30 hops max, 40 byte packets using UDP
      1  ip_isp (ip_isp)  9.503 ms  8.405 ms  7.266 ms
      2  ip_isp (62.14.37.53)  6.195 ms  6.098 ms  4.926 ms
      3  192.168.66.121 (192.168.66.121)  5.748 ms  4.644 ms  5.577 ms
      4  * * *
      5  * * *
      6  * * *
      7  * * *
      8  * * *
      9  * * *

      linux-r1m0:~ # route -n
      Kernel IP routing table
      Destination    Gateway        Genmask        Flags Metric Ref    Use Iface
      0.0.0.0        10.0.0.1    0.0.0.0        UG    0      0        0 eth0
      10.0.0.0      0.0.0.0        255.255.0.0    U    0      0        0 eth0

      This shows how pfSense is not routing the traffic to the host… And before the update from 2.0.1 to 2.1, it worked fine.

      pfSense routing does not work...

      Can you help me?

      I rebooted pfSense and it is still not working. I removed the route and created it again, and it does not work...

        phil.davis

        I have a 2.1-RELEASE system with a static route that goes across LAN to another test router, and that is working (attached).
        Your "netstat -ar" reports a route for 192.168.1.0/16 - that is an unusual way to say it.
        Should it be:
        192.168.0.0/16 or
        192.168.1.0/24?

        Post your pfSense static route screen, and the pfSense Diagnostics->Routes.
        Edit: attachment added.

        StaticRoute.png

        As the Greek philosopher Isosceles used to say, "There are 3 sides to every triangle."
        If I helped you, then help someone else - buy someone a gift from the INF catalog http://secure.inf.org/gifts/usd/

          maykel535

          Thanks for all.

          I will not post the picture, because I do not want to show my internal IP ranges. I'm just saying that it worked perfectly, and now none of the routes work, and we have many more. What a coincidence that none of them work, no? If I bring up the old pfSense backup I made, it runs smoothly … Ummm, maybe I should install pfSense 2.1 stable from scratch instead of doing the upgrade, don't you think?

          Thanks.

            doktornotor Banned

            @maykel535:

            Ummm, maybe I should install pfSense 2.1 stable from scratch instead of doing the upgrade, don't you think?

            Pretty much valid point for any OS out there.

              kejianshi

              I'd ALWAYS opt for a fresh install where possible for ANY OS, including pfsense over upgrading.  That said, I'll be forced to upgrade on at least one distant machine running in ESXi soon and I'm looking forward to being locked out  :o

                phil.davis

                I will not post the picture, because I do not want to show my internal IP ranges.

                Internal private IPv4 address space IPs are just that - nobody can route to them across the real internet, so they cannot be used by outsiders reading the board trying to attack your site, DOS your site…
                At this point of fault-finding, if you need more help, then the fine detail of your network and settings is needed. Otherwise we are just guessing what might or might not be the problem.

                  maykel535

                  I have given the detail like this but with other internal IPs, but the argument is the same, don't you think? give that more do not understand … It worked before the update and not after. Especially since it is a matter of ROUTES, which any firewall can do, even a desktop Linux or even Windows ... I do not understand anything ... I'm sure that if I do an installation from scratch of version 2.1 stable, it will run smoothly.

                  What is more, going even further, we have another firewall in production specifically for servers, and those routes work perfectly if I use that as a gateway server; isn't that already pretty strange? Something in the update has fucked up, we're talking about routes ...

                  Thanks anyway.

                    doktornotor Banned

                    Yeah, don't use upgrades. Do a clean install. Especially when it takes minutes.

                      maykel535

                      Wow, now I have installed pfSense 2.1 stable from scratch, a clean install, and the routes are not found…

                      I don't understand...

                        kejianshi

                        Ummmmm…  routes not found.

                        Can you give me another example of what you are trying to do.

                        What is the IP of the first computer and what is the IP of the second computer you are trying to ping?

                          maykel535

                          Thanks for your reply and interest.

                          LAN: 10.0.0.1/16

                          ROUTES:

                          NETWORK: 192.168.1.0/16

                          netstat -ar

                          192.168.1.0/16    10.0.0.4      UGS        0        0    em0

                          The IP 192.168.1.20 is the remote IP (route), but I add the route on my Linux machine and it works fine.

                          EXAMPLES:

                          PING FROM PFSENSE:

                          [2.1-RELEASE][admin@pfsense]/root(6): ping 192.168.1.20
                          PING 192.168.1.20 (192.168.1.20): 56 data bytes
                          64 bytes from 192.168.1.20: icmp_seq=2 ttl=127 time=34.671 ms
                          64 bytes from 192.168.1.20: icmp_seq=3 ttl=127 time=31.521 ms
                          64 bytes from 192.168.1.20: icmp_seq=4 ttl=127 time=30.963 ms
                          64 bytes from 192.168.1.20: icmp_seq=5 ttl=127 time=22.719 ms
                          ^C
                          --- 192.168.1.20 ping statistics ---
                          6 packets transmitted, 4 packets received, 33.3% packet loss
                          round-trip min/avg/max/stddev = 22.719/29.968/34.671/4.418 ms

                          TRACEROUTE FROM PFSENSE TO HOST ROUTE:

                          [2.1-RELEASE][admin@pfsense]/root(7): traceroute 192.168.1.20
                          traceroute to 192.168.1.20 (192.168.1.20), 64 hops max, 52 byte packets
                          1  10.0.0.4 (10.0.0.4)  7.204 ms  8.604 ms  7.758 ms
                          2  192.168.1.20 (192.168.1.20)  25.165 ms  76.467 ms  25.152 ms

                          PING TO HOST FROM HOST LAN(Opensuse), MY PC FOR EXAMPLE:

                          linux-r1m0:~ # ping 192.168.1.20
                          PING 192.168.1.20 (192.168.1.20) 56(84) bytes of data.

                          linux-r1m0:~ # traceroute 192.168.1.20
                          traceroute to 192.168.1.20 (192.168.1.20), 30 hops max, 40 byte packets using UDP
                          1  ip_isp (ip_isp)  9.503 ms  8.405 ms  7.266 ms
                          2  ip_isp (62.14.37.53)  6.195 ms  6.098 ms  4.926 ms
                          3  192.168.66.121 (192.168.66.121)  5.748 ms  4.644 ms  5.577 ms
                          4  * * *
                          5  * * *
                          6  * * *
                          7  * * *
                          8  * * *
                          9  * * *

                          linux-r1m0:~ # route -n
                          Kernel IP routing table
                          Destination    Gateway        Genmask        Flags Metric Ref    Use Iface
                          0.0.0.0        10.0.0.1    0.0.0.0        UG    0      0        0 eth0
                          10.0.0.0      0.0.0.0        255.255.0.0    U    0      0        0 eth0

                          In pfSense 2.0.3 stable it works fine…

                            maykel535

                            More info: the host 10.0.0.4 is a Linux machine which is connected to a VPN. The remote IP on the VPN that I have to reach is 192.168.1.20.

                            Simple:

                            LAN PFSENSE:  10.0.0.1
                            LAN LINUX WHICH CONNECTED TO REMOTE VPN: 10.0.0.4
                            IP LOCAL TUNNEL VPN THAT CONNECTED LINUX MACHINE: 192.168.1.20

                            I first added the gateway 10.0.0.4. Then in routes, I added that to reach the IP 192.168.1.20, it should pull the connection from 10.10.0.4.

                            In pfSense 2.0.3 it works fine.

                            What is more, I have a pfSense 2.0.3 in production; if I set it as the gateway IP, the network reaches 192.168.1.20 through 10.0.0.4 without problems … I do not understand what the problem is, it is a simple ROUTE!!

                              kejianshi

                              Do you have firewall rules to allow all this?

                              And what is the VPN type?

                                maykel535

                                I've never had to add any rules to establish pfSense routes … But still, I tried adding that whatever comes from the pfSense network to IP 192.168.1.20 is bound to use the 10.0.0.4 gateway, and even with those. Well... There is a big bug, because I'm looking at all the options for the new pfSense 2.1 stable (installed from scratch) and I see nothing. It's a simple route, god!

                                  kejianshi

                                  Where is this VPN running and what kind of VPN is it?

                                    maykel535

                                    The IP where the VPN is, is 10.100.100.4; I said 10.0.0.4 before so as not to post the actual IPs, for the security of our network. On the Linux machine the VPN type is vpnc, but that's not important because it used to work on the other pfSense; again, it is a route.

                                    I will post images, even with my real internal IPs, that is how desperate I am, because I understand nothing.

                                    ADD GATEWAY:

                                    http://imageshack.us/photo/my-images/10/bzd7.png/

                                    ADD ROUTE:

                                    http://imageshack.us/photo/my-images/30/16c.png/

                                    Just in case, I added a rule on the pfSense LAN, but it does not work well.

                                    http://imageshack.us/photo/my-images/545/f487.png/

                                    I repeat: in pfSense 2.0.1 this works.

                                      maykel535

                                      The IP where I want to end up is 192.168.1.20, this is on the Linux server, 10.100.100.4, I mean, right?

                                      Sorry for my english.

                                      Thanks for all.

                                        stephenw10 Netgate Administrator

                                        Trying to route in and out of the same interface.

                                        The firewall rule you would need is:
                                        source: LANnet destination: 192.168.1.20 allow gateway: system default

                                        10.100.100.4 is not in the 10.0.0.1/16 subnet

                                        Steve

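Added example, not part of any post in this thread: a Python check for the two points raised above by phil.davis (192.168.1.0/16 has host bits set) and by stephenw10 (the gateway is outside the stated LAN subnet, and the route goes in and out of the same interface). The function name, the finding codes and the interface map are assumptions made for illustration; the addresses are the ones quoted in the thread.

```python
import ipaddress


def check_static_route(dest, gateway, interfaces, source_if):
    """Return (code, detail) findings for one static route.

    dest       -- destination as typed, e.g. "192.168.1.0/16"
    gateway    -- next-hop address
    interfaces -- {name: "address/prefix"} of the router's own interfaces
    source_if  -- interface the client traffic arrives on
    """
    findings = []

    # ip_interface() tolerates host bits, so the typed address can be
    # compared with the network it actually denotes.
    typed = ipaddress.ip_interface(dest)
    if typed.ip != typed.network.network_address:
        findings.append(("host-bits", f"{dest} denotes {typed.network}"))

    # The next hop has to be on-link for one of the router's interfaces.
    gw = ipaddress.ip_address(gateway)
    egress = next((name for name, cidr in interfaces.items()
                   if gw in ipaddress.ip_interface(cidr).network), None)
    if egress is None:
        findings.append(("off-link", f"{gateway} is in no interface subnet"))
    elif egress == source_if:
        # Traffic enters and leaves on one interface, so the firewall rules
        # on that interface must pass it to the destination.
        findings.append(("same-interface",
                         f"in and out of {egress}; needs a pass rule on {egress}"))
    return findings


# Constructed input: the LAN as first described in the thread.
LAN = {"em0": "10.0.0.1/16"}

if __name__ == "__main__":
    for dest, gw in [("192.168.1.0/16", "10.0.0.4"),
                     ("192.168.1.20/32", "10.100.100.4")]:
        print(dest, "via", gw)
        for code, detail in check_static_route(dest, gw, LAN, "em0"):
            print("  ", code + ":", detail)
```
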
                                          maykel535

                                          The 10.0.0.1/16 network, as I commented, was fictional; it was not real, it was to simulate my local network so as not to post my internal IP range, for SAFETY!

                                          REAL IPs:

                                          LAN PFSENSE: 10.100.100.3
                                          IP LINUX VPNC: 10.100.100.4
                                          IP where I'm going, which is connected to the vpn 10.100.100.4: 192.168.1.20

                                          http://imageshack.us/photo/my-images/853/9b7f.png/

                                          Clearer than water …

                                            maykel535

                                            What is more, from pfSense I do get to the IP 192.168.1.20

                                            [2.1-RELEASE][root@pfsense-mo2o-ketchum.mo2o.com]/root(1): ping 192.168.1.20
                                            PING 192.168.1.20 (192.168.1.20): 56 data bytes
                                            64 bytes from 192.168.1.20: icmp_seq=2 ttl=127 time=50.328 ms
                                            64 bytes from 192.168.1.20: icmp_seq=3 ttl=127 time=46.436 ms
                                            64 bytes from 192.168.1.20: icmp_seq=4 ttl=127 time=43.714 ms
                                            64 bytes from 192.168.1.20: icmp_seq=5 ttl=127 time=46.687 ms

                                            What is more:

                                            netstat -ar returns:

                                            192.168.1.20/32    10.100.100.4      UGS        0        6    em0

                                            From a host on the pfSense LAN, for example 10.100.100.200, I try to traceroute:

                                            root@pre:~# traceroute 192.168.1.20
                                            traceroute to 192.168.1.20 (192.168.1.20), 30 hops max, 60 byte packets
                                            1  isp (ip public isp)  1.534 ms  1.592 ms  1.611 ms
                                            2  isp (ip public isp)  2.107 ms  2.199 ms  2.234 ms
                                            3  192.168.66.121 (192.168.66.121)  2.747 ms  2.847 ms  2.868 ms^C

                                            pfSense routing is not working…

                                            It routes me to the internet instead of routing me to 10.100.100.4 to reach 192.168.1.20. I have explained it well. I think I can explain and better.

                                            What is the problem?? I don't understand anything...
