  • Hello everyone,
    I have the attached setup (0_1528977716896_Pfsense.jpg).

    I deployed pfSense in ESXi and disabled the packet filter. If I ping from to pc in network I can see the traffic and the ICMP reply as well, but in is request timed out.
    What am I missing here?
    Any help is highly appreciated.

  • LAYER 8 Global Moderator

    Is that a typo, the gateway of .255? Are you using a mask larger than /24? If /24, .255 is the broadcast address.

    Is that some road warrior vpn into what? Is that some vpn server on

    If pfsense is a downstream router from this box why is its gateway .254?

  • This gateway that you have listed as "" which should probably read "" must know the route back to the network in order for your setup to work. Check that as your first step; if there is a static route already in place then the problem is somewhere else.

  • Thank you both for your response. The 255 is a typo, it is 254 :)

    I was suspecting the GW as I don't have control over it; will check with the admin and see.

  • LAYER 8 Global Moderator

    Ok so is some vpn server, and is a what exactly? A site to site vpn off this vpn server? But pfsense is pointing to some upstream router in the network?

    Then that is not going to work.. If this 192.168.1/? network is off of this then pfsense would need a route to know to get send traffic to to get to 192.168.1/? network

  • is the VPN client IP, that can reach the server successfully, and the VPN server has a default route which is GW. Then I have pfsense with 2 interfaces:
    WAN 10.10.10.98 which is a DHCP address from GW and
    LAN with
    The internal network is on and if the VPN client pings PC, I can see that the PC replies back but on the VPN client it is request timed out.

  • LAYER 8 Global Moderator

    Exactly, to get to pfsense needs to send traffic back to, if it sends it to how will go back down the vpn? This is why it's always better to put the vpn at the edge vs some internal server.

    How is it that knows how to get to 192.168.10? Because pfsense would nat that traffic to its address.

    So you're either going to have to create a route on pfsense to use to get to 192.168.1/24 or you're going to have to source nat on so traffic from 192.168.1 looks like it came from to pfsense.

  • Hmm, I still can't get it to work, not sure if I did the right thing though.
    I created a new gateway on pfsense with IP and then created a static route to with the gateway I created. Is that right?

  • LAYER 8 Global Moderator

    Yes in theory that would be correct... But what I have found over the years is users say they did X when they really did Y or something that wouldn't even be in the alphabet when they said they did X... When they actually did something more like Σ (uppercase sigma) if that doesn't look right ;)

    So without more details of your config it is not possible for me to help you find out what the root of your problem is.

  • Makes sense, upon that I uploaded the full file with all the details.
    Thank you :)

  • BTW the IPs are different now, and I put a new diagram there :)

  • LAYER 8 Global Moderator

    Your route is

    That is never going to work.. But since it's your default it should work..

    So your remote client knows to get to 192.168.42/24 it needs to go down the tunnel. Then your VPN device knows how to get to this as well via pfsense. And you're allowing the firewalling? And you're not natting at pfsense. Or are you port forwarding and having your client try and talk to pfsense wan IP?

    So are you still having issues.. If so, going to need the details asked about.
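
The return-path problem discussed in this thread, as an added example that is not from any of the posters: a longest-prefix-match lookup over a pfSense-style routing table, before and after adding a static route for the VPN client network. The VPN server address 10.10.10.50, the client address 192.168.1.10 and the /24 WAN mask are assumptions, since not all of the thread's addresses are visible.

```python
import ipaddress

# Constructed addresses (assumptions; the thread's real values are not all shown).
WAN_NET = "10.10.10.0/24"        # pfSense WAN subnet, mask assumed
GATEWAY = "10.10.10.254"         # upstream default gateway
VPN_SERVER = "10.10.10.50"       # internal VPN server, hypothetical address
VPN_CLIENT_NET = "192.168.1.0/24"
VPN_CLIENT = "192.168.1.10"      # hypothetical client behind the tunnel

def next_hop(routes, dst):
    """Return the gateway of the most specific route covering dst, or None."""
    addr = ipaddress.ip_address(dst)
    best = None
    for prefix, gw in routes:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, gw)
    return best[1] if best else None

def on_link(gateway, connected):
    """A static route's gateway must sit on a directly connected subnet."""
    gw = ipaddress.ip_address(gateway)
    return any(gw in ipaddress.ip_network(n) for n in connected)

def reply_path(routes, client=VPN_CLIENT):
    """Where pfSense sends the echo reply, and whether that is the VPN server."""
    hop = next_hop(routes, client)
    return hop, hop == VPN_SERVER

# Routing table with only the DHCP-learned default route.
BEFORE = [("0.0.0.0/0", GATEWAY), (WAN_NET, "on-link")]
# Same table plus a static route for the VPN client network via the VPN server.
AFTER = BEFORE + [(VPN_CLIENT_NET, VPN_SERVER)]

if __name__ == "__main__":
    for name, table in (("before", BEFORE), ("after", AFTER)):
        hop, ok = reply_path(table)
        where = "back to the VPN server" if ok else "to the default gateway"
        print(f"{name}: reply to {VPN_CLIENT} -> next hop {hop} ({where})")
    print("VPN server usable as gateway:", on_link(VPN_SERVER, [WAN_NET]))
```

With only the default route, the reply goes to the upstream gateway, which then needs its own route back to the client network; with the static route in place, the reply is handed straight to the VPN server.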

