4. Can't ping VPNrouter (now with beautiful picture)

Can't ping VPNrouter (now with beautiful picture)

  • Z

    I have pfsense running as my primary router with the follow relevant config (digits purposely obfuscated):

    eth1 (LAN) :            192.168.1.1 /24
    eth2 (LANtoVPNRouter) : 192.168.2.1 /29  with defined gateway 192.168.2.2
    wan (default gateway) : 100.100.100.100

    there is a VPNRouter (running ClearOS) with the following relevant config:

    eth1 (LANtoVPNRouter) : 192.168.2.2 /29
    wan :                  100.100.100.101

    I also have PC with the following relevant config:

    eth1 (LAN) :            192.168.1.50 /24
    gateway :              192.168.1.1

    I am experiencing the following weirdness:

    Successful Pings:

    192.168.1.50 -> 192.168.1.1
    192.168.1.50 -> 192.168.2.1

    192.168.2.1 -> 192.168.2.2

    192.168.2.2 -> 192.168.2.1
    192.168.2.2 -> 192.168.1.50    !!!!!!!??

    Failed Ping:

    192.168.1.50 -> 192.168.2.2    !!!!!!!??

    tracert 192.168.2.2 (from 192.168.1.50) goes out the WAN port on my pfsense router!  I did a packet capture of my WAN port to confirm.  Why doesn't it go out 192.168.2.1?

    The thing is, I have this identical setup at 4 different locations, and they all work fine.  I can ping both ways.  Tracert goes out the proper interface.  Obviously something is not identical, but I can't figure out what.

    I tried setting a static route on pfsense of 192.168.2.0/29 via 192.168.2.2 and this fixed the ping and tracert problems, but it also brought my network to its knees (some kind of storm?)  Anyway, I don't think a static route is necessary when the machine has an interface on both subnets.

    More info:

    • pfsense is running the latest version 2.3.2 (as are all the other sites)

    • pfsense is running on VMware (as are all the other sites)

    • One difference between this site and the others is that the pfsense and VPNRouter are on different physical machines, both running VMware, whereas the other sites have both the pfsense box and the VPNRouter on the same ESXi instance.  This shouldn't matter, however, as I can ping just fine between both machines, as indicated above.

    • I have tried other PCs on the same LAN with the same wonky results above (I can ping from VPNRouter to PC, but not in reverse; tracert goes out the pfsense WAN).

    • Status / Gateways shows status of the 192.168.2.2 gateway as online.

    • Status / System Logs / System / Gateways is showing the following error continuously :
      Jul 27 11:30:32  dpinger  VPNRouterGateway 192.168.2.2: sendto error: 64

    0
  • Z

    I have added a picture summarizing my problem.  Halps

    0
  • Z

    Eh… no one helped me so I just went through the long hassle of installing a new instance of pfsense (on the very same VMware box) and everything seems to be working fine...

    Only difference between this instance and the old one is that the old one has been upgraded through several versions and this one is a fresh install of 2.3.2, so.... meh

    0
Log in to reply
 

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2019 Rubicon Communications, LLC | Privacy Policy