    Can't ping VPNrouter (now with beautiful picture)

      zippydan last edited by

      I have pfsense running as my primary router with the following relevant config (digits purposely obfuscated):


      eth1 (LAN) :            192.168.1.1 /24
      eth2 (LANtoVPNRouter) : 192.168.2.1 /29  with defined gateway 192.168.2.2
      wan (default gateway) : 100.100.100.100

      there is a VPNRouter (running ClearOS) with the following relevant config:


      eth1 (LANtoVPNRouter) : 192.168.2.2 /29
      wan :                  100.100.100.101

      I also have a PC with the following relevant config:


      eth1 (LAN) :            192.168.1.50 /24
      gateway :              192.168.1.1

      I am experiencing the following weirdness:


      Successful Pings:

      192.168.1.50 -> 192.168.1.1
      192.168.1.50 -> 192.168.2.1

      192.168.2.1 -> 192.168.2.2

      192.168.2.2 -> 192.168.2.1
      192.168.2.2 -> 192.168.1.50    !!!!!!!??

      Failed Ping:

      192.168.1.50 -> 192.168.2.2    !!!!!!!??

      tracert 192.168.2.2 (from 192.168.1.50) goes out the WAN port on my pfsense router!  I did a packet capture of my WAN port to confirm.  Why doesn't it go out 192.168.2.1?

      The thing is, I have this identical setup at 4 different locations, and they all work fine.  I can ping both ways.  Tracert goes out the proper interface.  Obviously something is not identical, but I can't figure out what.

      I tried setting a static route on pfsense of 192.168.2.0/29 via 192.168.2.2 and this fixed the ping and tracert problems, but it also brought my network to its knees (some kind of storm?)  Anyway, I don't think a static route is necessary when the machine has an interface on both subnets.

      More info:

      • pfsense is running the latest version 2.3.2 (as are all the other sites)

      • pfsense is running on VMware (as are all the other sites)

      • One difference between this site and the others is that the pfsense and VPNRouter are on different physical machines, both running VMware, whereas the other sites have both the pfsense box and the VPNRouter on the same ESXi instance.  This shouldn't matter, however, as I can ping just fine between both machines, as indicated above.

      • I have tried other PCs on the same LAN with the same wonky results above (I can ping from VPNRouter to PC, but not in reverse; tracert goes out the pfsense WAN).

      • Status / Gateways shows status of the 192.168.2.2 gateway as online.

      • Status / System Logs / System / Gateways is showing the following error continuously :
        Jul 27 11:30:32  dpinger  VPNRouterGateway 192.168.2.2: sendto error: 64

        zippydan last edited by

        I have added a picture summarizing my problem.  Halps

          zippydan last edited by

          Eh… no one helped me so I just went through the long hassle of installing a new instance of pfsense (on the very same VMware box) and everything seems to be working fine...

          Only difference between this instance and the old one is that the old one has been upgraded through several versions and this one is a fresh install of 2.3.2, so.... meh

            iceboxrj last edited by

            I have this problem too
            :(
