Site to Site changing my WAN IP? SOLVED



  • Hi,
    I was wondering if someone else has had this issue before. A month ago I had the issue but thought it was because the versions were different. As of this week both pfSense boxes have the same version, 2.3.5, and at first it was working great. But then there was a power outage, and for some odd reason Site 2 is getting the WAN IP of Site 1, which does not make sense. In theory Site 1 should keep its own WAN IP and Site 2 should also keep its own WAN IP.

    Server config: https://imgur.com/a/3PcrlRD

    Client Config: https://imgur.com/a/3IEkfgl

    Thank you


  • Netgate Administrator

    Where exactly are you seeing these switched IPs?

    If those are two different sites it seems almost impossibly unlikely they would have swapped WAN IPs.

    Steve



  • Thanks for the reply. I'm only seeing that switched IP on Site 2, which is grabbing the WAN of Site 1. I go on a computer on Site 2 and put myIP on Google and I see the WAN IP of Site 1, and I have no idea why.

    Thank you


  • Netgate

    Because it's routing over the VPN and out the WAN at the other side?

    What you're saying is otherwise pretty much impossible.

    Look at the address on WAN in Status > Interfaces.


  • Netgate Administrator

    Exactly that ^

    You may have set Redirect IPv4 Gateway if you're using SSL/TLS.

    Steve



  • Thanks for the replies, I'm attaching pictures

    https://ibb.co/gR3U98
    https://ibb.co/jbSZbo
    https://ibb.co/di4rNT
    https://ibb.co/crN0Go
    https://ibb.co/jg5LGo

    As for the Redirect IPv4 Gateway, would that be on the client or server? Not sure if it applies, as it's a shared key.

    Thank you


  • Netgate

    Regardless it is impossible to egress to the internet from another IP address. You simply have to be tunneling across and out the other WAN.

    Please post your routing table. Diagnostics > Command Prompt then execute:

    netstat -rn4

    Attaching images on a foreign site instead of just uploading them here makes it harder for us to help you.



  • Sorry, forgot I can upload them to the site

    Routing tables on site 1

    Internet:
    Destination        Gateway            Flags      Netif Expire
    default            181.143.5x.xxx     UGS      vtnet0
    127.0.0.1          link#6             UH          lo0
    181.143.5x.xxx/29  link#1             U        vtnet0
    181.143.5x.xxx     link#1             UHS         lo0
    181.143.5x.xxx     link#1             UHS         lo0
    192.168.0.0/24     192.168.20.2       UGS      ovpns2
    192.168.1.0/24     link#2             U        vtnet1
    192.168.1.254      link#2             UHS         lo0
    192.168.3.0/24     link#7             U      vtnet1_v
    192.168.3.1        link#7             UHS         lo0
    192.168.20.1       link#9             UHS         lo0
    192.168.20.2       link#9             UH       ovpns2
    192.168.50.0/24    192.168.50.2       UGS      ovpns1
    192.168.50.1       link#8             UHS         lo0
    192.168.50.2       link#8             UH       ovpns1
    

    Routing tables Site 2

    Routing tables
    
    Internet:
    Destination        Gateway            Flags      Netif Expire
    default            181.143.8x.xx      UGS      vtnet0
    127.0.0.1          link#6             UH          lo0
    181.143.8x.xx/29   link#1             U        vtnet0
    181.143.8x.xx      link#1             UHS         lo0
    192.168.0.0/24     link#2             U        vtnet1
    192.168.0.1        link#2             UHS         lo0
    192.168.1.0/24     192.168.20.1       UGS      ovpnc1
    192.168.20.1       link#8             UH       ovpnc1
    192.168.20.2       link#8             UHS         lo0
    192.168.30.0/24    192.168.30.2       UGS      ovpns2
    192.168.30.1       link#7             UHS         lo0
    192.168.30.2       link#7             UH       ovpns2
    

    Thank you


  • Netgate Administrator

    It's hard to see since both sites are 181.143 and you have covered over the 3rd octet in the screenshot showing the wrong WAN.

    But assuming that shows 181.143.5 then that traffic MUST be going over to the other site. If it was not, there is no way you would get any connectivity at all.

    Perhaps you have another VPN set up. IPSec? Or maybe a remote access VPN on that client directly?

    Site one has 2 OpenVPN servers configured.

    Steve



  • @stephenw10 Well, you won't believe what it was: it was the WPAD. As Site 1 has WPAD, I also have the proxy auto detect on Site 2. I disabled the auto detect and bam, showing the real WAN IP for the websites. I guess now I have to see how I can disable that.
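
Added example, not part of the thread: a small parser for `netstat -rn4` output that checks what the routing tables above show, namely that only the remote LAN subnets go through the `ovpn*` interfaces and general internet traffic still leaves on the WAN. The sample table is constructed from the Site 2 output with the masked WAN addresses replaced by documentation addresses, and treating a `/1` route as a gateway redirect is an assumption about how such a redirect would appear.

```python
import ipaddress

# Constructed sample based on the Site 2 table in the thread; the masked
# WAN addresses are replaced with documentation range 203.0.113.0/29.
SITE2 = """\
Routing tables

Internet:
Destination        Gateway            Flags      Netif Expire
default            203.0.113.1        UGS      vtnet0
127.0.0.1          link#6             UH          lo0
203.0.113.0/29     link#1             U        vtnet0
192.168.0.0/24     link#2             U        vtnet1
192.168.1.0/24     192.168.20.1       UGS      ovpnc1
192.168.20.1       link#8             UH       ovpnc1
192.168.30.0/24    192.168.30.2       UGS      ovpns2
"""

def parse_routes(text):
    """Return (network, gateway, netif) tuples from `netstat -rn4` output."""
    routes = []
    for line in text.splitlines():
        f = line.split()
        if len(f) < 4 or f[0] == "Destination":
            continue  # headers and blank lines
        dest = "0.0.0.0/0" if f[0] == "default" else f[0]
        try:
            net = ipaddress.ip_network(dest, strict=False)
        except ValueError:
            continue  # masked or otherwise unparsable destination
        routes.append((net, f[1], f[3]))
    return routes

def internet_via_vpn(routes, prefixes=("ovpn",)):
    """Routes that would send general internet traffic into a tunnel:
    the default route or a /1 half (assumed form of a gateway redirect)."""
    return [r for r in routes
            if r[0].prefixlen <= 1 and r[2].startswith(prefixes)]

def egress_netif(routes, addr):
    """Longest-prefix match: the interface a packet to addr leaves on."""
    ip = ipaddress.ip_address(addr)
    hits = [r for r in routes if ip in r[0]]
    return max(hits, key=lambda r: r[0].prefixlen)[2] if hits else None

if __name__ == "__main__":
    table = parse_routes(SITE2)
    print("redirecting routes:", internet_via_vpn(table))
    print("internet egress:", egress_netif(table, "198.51.100.7"))
```

An empty result from `internet_via_vpn` together with a WAN egress interface means the firewall itself is not sending browsing traffic through the tunnel, which points the search at the client side, such as the proxy auto-detect setting found here.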