Netgate Discussion Forum

    IP Forwarding on pfSense

    Routing and Multi WAN
      mtp_maxime

      Hello,

      I would like to know how to set up IP forwarding on pfSense, because I am encountering the problem explained in the diagram below:

      OpenVPN via pfSense DMZ1.jpg

      From the Mgmt computer, I cannot ping the OpenVPN LAN interface, the OpenVPN tunnel interface, or the pfSense tunnel interface. However, I can ping the pfSense LAN interface.

      The VPN is correctly set to site-to-site, but the 192.168.1.0/24 side cannot reach the other remote network (172.16.1.0/24); the firewall seems to block the packets coming from the LAN interface to the tunnel interface.

      I think it is an IP forwarding problem from the LAN interface to the tunnel interface, or a NAT problem, because from the OpenVPN I can ping the Mgmt computer. But I do not really know how to set these up.

      Could you help me with this problem, please?

      Thanks.

        viragomann

        Is pfSense the default gateway on the Mgmt computer?

        What is the remote VPN endpoint? Is it the default gateway in its LAN?

          mtp_maxime

          No, the Mgmt computer does not have pfSense as the default gateway.
          Regarding the remote endpoint, what do you mean by remote endpoint? The remote network to reach, or the remote IP address for the VPN connection?

            johnpoz LAYER 8 Global Moderator

            @mtp_maxime said in IP Forwarding on pfSense:

            No, the Mgmt computer does not have pfSense as the default gateway.

            Then how and the F do you think it would talk to pfsense to go down the vpn tunnel to talk to that remote network?

            Did you setup a route on the mgmt box saying hey, you want to talk to 172.16.1/24 go to 192.168.1.200?

            An intelligent man is sometimes forced to be drunk to spend time with his fools
            If you get confused: Listen to the Music Play
            Please don't Chat/PM me for help, unless mod related
            SG-4860 24.11 | Lab VMs 2.8, 24.11

              mtp_maxime

              You seem to be slightly aggressive in your response, but if you act as such, I do not want your help. I prefer to have someone calm who enjoys helping others rather than a haughty person.

              So I reiterate my problem.

              I have added the route to the remote network, but that does not solve the problem, because from the mgmt computer I cannot even reach the tunnel interface of pfSense to go to the remote network. The pfSense itself does not let packets from the LAN pass to the VPN.

                johnpoz LAYER 8 Global Moderator

                You don't need to reach the tunnel network... To do so you would also need a route on the host machine.. You need to reach the IP address of pfsense in your local network, it knows how to get to the tunnel and would need to know what networks are on the far end of the tunnel.

                Not aggressive, just completely at a loss as to how someone could be wanting to set up site to site vpn without clue one to basic 101 network routing..

                How about you post up your routes, and your rules and we can point out what you're doing wrong!

                Is your far end using pfsense as a default gateway on that end, or does it have routes on how to get back to your 192.168.1/24 network?

                  mtp_maxime

                  Here are the routes and rules:

                  PfSense Rules:

                  Interface: WAN
                  Protocol: IPv4 UDP
                  Source: all
                  port: everything
                  destination: WAN address
                  Port: 1194

                  • routes on OpenVPN

                  192.168.1.0/24 via 10.8.0.1

                  • routes on Mgmt Computer:

                  172.16.1.0/24 via 192.168.1.200

                  The route on OpenVPN has been added by the config file of OpenVPN (route 192.168.1.0 255.255.255.0) to reach the remote network through the VPN.

                  Concerning the routes on pfSense, there aren't any static routes, only the gateway to get out to the Internet by the WAN interface.

                  Are there any parameters missing? Because according to a tutorial that I followed, I only opened the port allowing the VPN connection to pfSense on the WAN interface.
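
Added example, not part of any post in this thread: a hop-by-hop longest-prefix route lookup over the tables posted above, showing where a packet from the Mgmt computer to 172.16.1.0/24 ends up and whether the return path exists. Entries marked "assumed" (connected networks, the /24 tunnel mask, the 10.8.0.2 tunnel address, the sample host addresses 172.16.1.10 and 192.168.1.50) are constructed for the illustration and do not come from the thread.

```python
import ipaddress

# Per-device routing tables as (prefix, next hop). "thread" = taken from the
# posts above; "assumed" = constructed for this illustration.
TABLES = {
    "mgmt": [("192.168.1.0/24", "connected"),        # assumed: Mgmt is on the LAN
             ("172.16.1.0/24", "192.168.1.200")],    # thread: route on Mgmt computer
    "pfsense": [("192.168.1.0/24", "connected"),     # assumed: LAN interface
                ("10.8.0.0/24", "connected"),        # assumed: tunnel subnet
                ("0.0.0.0/0", "wan-gateway")],       # thread: only the WAN gateway
    "openvpn": [("172.16.1.0/24", "connected"),      # assumed: remote LAN
                ("10.8.0.0/24", "connected"),        # assumed: tunnel subnet
                ("192.168.1.0/24", "10.8.0.1")],     # thread: route on OpenVPN
}
# Device that owns each next-hop address; 10.8.0.2 is an assumed tunnel address.
OWNER = {"192.168.1.200": "pfsense", "10.8.0.1": "pfsense", "10.8.0.2": "openvpn"}


def lookup(table, dst):
    """Longest-prefix match: return (prefix, next_hop), or None if no route."""
    addr = ipaddress.ip_address(dst)
    hits = [(ipaddress.ip_network(p), nh) for p, nh in table
            if addr in ipaddress.ip_network(p)]
    if not hits:
        return None
    net, nh = max(hits, key=lambda h: h[0].prefixlen)
    return str(net), nh


def trace(start, dst, tables=TABLES, max_hops=8):
    """Follow next hops from `start` toward `dst`; return (steps, verdict)."""
    device, steps = start, []
    for _ in range(max_hops):
        hit = lookup(tables[device], dst)
        if hit is None:
            return steps + [(device, "no route")], "dropped"
        prefix, nh = hit
        steps.append((device, f"{prefix} via {nh}"))
        if nh == "connected":
            return steps, f"delivered by {device}"
        if nh not in OWNER:
            return steps, f"left via {nh}"
        device = OWNER[nh]
    return steps, "routing loop"


if __name__ == "__main__":
    print(trace("mgmt", "172.16.1.10"))      # forward path with the posted tables
    print(trace("openvpn", "192.168.1.50"))  # return path
    fixed = dict(TABLES, pfsense=TABLES["pfsense"] + [("172.16.1.0/24", "10.8.0.2")])
    print(trace("mgmt", "172.16.1.10", fixed))  # hypothetical tunnel route added
```

The model only reflects the entries listed in the posts; routes that the OpenVPN configuration itself installs on pfSense would appear in the live routing table and are not captured here.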
