Netgate Discussion Forum

Local computer LAN ARP problem

General pfSense Questions
    zhjy23212
    last edited by Sep 12, 2016, 5:06 PM

    Hi everyone, I just started using pfSense very recently. I have three servers with virtual machines. I now use a VPN to access them. Each server has a pfSense router, address 192.168.1.1, 192.168.2.1, 192.168.3.1, and I have a service node virtual machine, static IP 192.168.x.201.

    The VPN server works for bridging, I can log in and ping the router on each one. But if I log in to the VPN on server1, I cannot reach the virtual machine on server1; instead I can reach the other two on the other servers. Same for the other VPNs on the other servers.

    I checked the ARP table on the router: the MAC address and IP address are there, but on my own computer there is no ARP information about the service node.

    Any idea about this?
    Thanks in advance.

      heper
      last edited by Sep 12, 2016, 5:09 PM

      please draw a schematic. (don't try to use ascii-art)

      why do you want/need 3 separate pfsense instances? looks like overcomplicating something easy

        zhjy23212
        last edited by Sep 12, 2016, 5:51 PM

        @heper:

        please draw a schematic. (don't try to use ascii-art)

        why do you want/need 3 separate pfsense instances? looks like overcomplicating something easy

        Sorry about my terrible drawing.

        The schematic is like this.

        I use static routing for addresses other than the local server, so the VPN client can access all three hosts, except the local service node.

        [Attached image: IMG_3097.JPG]

          johnpoz LAYER 8 Global Moderator
          last edited by Sep 12, 2016, 6:26 PM

          Ok I understand why you might want to run pfsense on each esxi host. But what is the point of the vpn connection? And where is that coming from? Is that coming from somewhere out on the internet past the switch that I guess you have a common network that connects all your pfsense VMs' wan interfaces to?

          So this becomes a transit network. And now you just need to route between your pfsense machines and allow for the correct firewall rules to allow access. Not understanding the point of a vpn that is a vm client on esxi host 1?

          What is this network that your pfsense wan interfaces are connected to? Is this public ip space? Just open to the internet or is this also rfc1918 space? Where is the vmkern for these esxi hosts, also on this same network?

          An intelligent man is sometimes forced to be drunk to spend time with his fools
          If you get confused: Listen to the Music Play
          Please don't Chat/PM me for help, unless mod related
          SG-4860 24.11 | Lab VMs 2.7.2, 24.11

            zhjy23212
            last edited by Sep 12, 2016, 6:45 PM

            @johnpoz:

            Ok I understand why you might want to run pfsense on each esxi host. But what is the point of the vpn connection? And where is that coming from? Is that coming from somewhere out on the internet past the switch that I guess you have a common network that connects all your pfsense VMs' wan interfaces to?

            So this becomes a transit network. And now you just need to route between your pfsense machines and allow for the correct firewall rules to allow access. Not understanding the point of a vpn that is a vm client on esxi host 1?

            What is this network that your pfsense wan interfaces are connected to? Is this public ip space? Just open to the internet or is this also rfc1918 space? Where is the vmkern for these esxi hosts, also on this same network?

            Thanks for your reply. The VPN connection is from the LAN of the ESXi host; say pfsense1's WAN address is 10.78.0.250, pfsense2's WAN address is 10.78.0.251, and my PC address is 10.78.0.211. Out there is another physical router in the office.

            I use the VPN connection because I set firewall rules that block WAN addresses from accessing the LAN network. In the future I have to set up several more virtual machines on each host.

            It is not related to the firewall: I tried a VPN connection on host2, and it can ping all the nodes except (B), which is in the same LAN.

              johnpoz LAYER 8 Global Moderator
              last edited by Sep 12, 2016, 7:03 PM

              Well if your setup works for esxi1 and esxi2, what is different on esxi3?? I don't understand your goal here, but this is just plain common sense.

              Is this PC doing the vpn actually on a different network or it's really on your 10.78.0/24 ??

              I don't get the point of this setup to be honest. If you're on rfc1918 space why are your pfsense natting? Are they? Are these hosts running enterprise licensing where you can do vmotion between them, etc., or are they just standalone esxi free hosts?

              Not getting the point of the vpn other than making your life difficult?? Why would you need to encrypt traffic over this 10.78.0 network? If you want to firewall your traffic on each esxi host to your normal network that could be done with 1 vm pfsense box or appliance in your real world network, etc.

                zhjy23212
                last edited by Sep 12, 2016, 9:38 PM

                @johnpoz:

                Well if your setup works for esxi1 and esxi2, what is different on esxi3?? I don't understand your goal here, but this is just plain common sense.

                Is this PC doing the vpn actually on a different network or it's really on your 10.78.0/24 ??

                I don't get the point of this setup to be honest. If you're on rfc1918 space why are your pfsense natting? Are they? Are these hosts running enterprise licensing where you can do vmotion between them, etc., or are they just standalone esxi free hosts?

                Not getting the point of the vpn other than making your life difficult?? Why would you need to encrypt traffic over this 10.78.0 network? If you want to firewall your traffic on each esxi host to your normal network that could be done with 1 vm pfsense box or appliance in your real world network, etc.

                Thanks again for your reply. Maybe my description made things complicated. My apologies.
                Simply put: my computer is in network 10.78.0.0/24, and a server with a virtual pfSense router is at 10.78.0.250. With the VPN connection, I can connect to everything (8.8.8.8, 192.168.1.1) except the node within, whose address is 192.168.1.201. The VPN client in that subnet is 192.168.1.10. I cannot ping that, and tracert returns nothing.

                The cause I found is ARP: in the router's ARP table 192.168.1.201 is associated with a MAC address, but in my own computer's ARP table there is no record of the address or MAC.

                Do you have any idea about this problem? Thanks!

                  zhjy23212
                  last edited by Sep 12, 2016, 10:27 PM

                  Finally found the solution for the ARP problem; it has nothing to do with pfSense but with VMware.

                  Simply setting promiscuous mode on for the vSwitch will solve this.

                  Reference : http://unix.stackexchange.com/questions/23004/openvpn-bridge-cant-access-machines-on-local-network
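
Added example, not part of the original thread: a simplified Python model of why the router's ARP table fills in while the bridged VPN client's does not, and why promiscuous mode changes that. It assumes an ESXi standard vSwitch delivers a unicast frame only to the port whose own vNIC MAC matches the destination (no MAC learning) and that frames carrying the client's source MAC are allowed out through pfSense's vNIC; all MAC addresses are constructed.

```python
from dataclasses import dataclass, field

BROADCAST = "ff:ff:ff:ff:ff:ff"
PFSENSE_MAC = "00:50:56:00:00:01"  # constructed: pfSense LAN vNIC
NODE_MAC = "00:50:56:00:00:c9"     # constructed: service node 192.168.1.201
CLIENT_MAC = "0a:00:27:00:00:0a"   # constructed: bridged VPN client 192.168.1.10


@dataclass
class Port:
    mac: str                                   # MAC the vSwitch knows for this vNIC
    received: list = field(default_factory=list)


class VSwitch:
    """Toy port group: no MAC learning, delivery by vNIC MAC only."""

    def __init__(self, promiscuous):
        self.promiscuous = promiscuous
        self.ports = []

    def attach(self, mac):
        port = Port(mac)
        self.ports.append(port)
        return port

    def send(self, sender, src, dst, payload):
        for port in self.ports:
            if port is sender:
                continue
            # Broadcasts and frames for the port's own MAC are delivered;
            # anything else only when promiscuous mode is accepted.
            if dst in (BROADCAST, port.mac) or self.promiscuous:
                port.received.append((src, dst, payload))


def arp_reply_reaches_pfsense(requester_mac, promiscuous):
    """ARP for 192.168.1.201 leaves pfSense's vNIC; does the reply come back?"""
    sw = VSwitch(promiscuous)
    pfsense = sw.attach(PFSENSE_MAC)
    node = sw.attach(NODE_MAC)
    sw.send(pfsense, requester_mac, BROADCAST, "who-has 192.168.1.201")
    # The node answers with a unicast frame addressed to whoever asked.
    sw.send(node, NODE_MAC, requester_mac, "192.168.1.201 is-at " + NODE_MAC)
    return any(dst == requester_mac for _, dst, _ in pfsense.received)


if __name__ == "__main__":
    print("router itself:          ", arp_reply_reaches_pfsense(PFSENSE_MAC, False))
    print("bridged client, default:", arp_reply_reaches_pfsense(CLIENT_MAC, False))
    print("bridged client, promisc:", arp_reply_reaches_pfsense(CLIENT_MAC, True))
```

In the model, as on a real port group, accepting promiscuous mode lets every attached port receive frames not addressed to it, so the setting is best scoped to a port group that holds only the bridging vNIC.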
