Site to Site changing my WAN IP? SOLVED
-
Hi,
I was wondering if someone else has had this issue before. A month ago I had the issue but thought it was because the versions were different. As of this week both pfSense boxes have the same version, 2.3.5, and at first it was working great. But then there was a power outage, and for some odd reason site 2 is getting the WAN IP of site 1, which does not make sense. In theory Site 1 should keep its own WAN IP and Site 2 should also keep its own WAN IP.
Server config: https://imgur.com/a/3PcrlRD
Client Config: https://imgur.com/a/3IEkfgl
Thank you
-
Where exactly are you seeing these switched IPs?
If those are two different sites it seems almost impossibly unlikely they would have swapped WAN IPs.
Steve
-
Thanks for the reply. I am only seeing that switched IP on Site 2, which is grabbing the WAN of Site 1. I go on a computer on Site 2 and put myIP on Google and I see the WAN IP of Site 1, and I have no idea why.
Thank you
-
Because it's routing over the VPN and out the WAN at the other side?
What you're saying is otherwise pretty much impossible.
Look at the address on WAN in Status > Interfaces.
-
Exactly that ^
You may have set Redirect IPv4 Gateway if you're using SSL/TLS.
Steve
-
Thanks for the replies, I'm attaching pictures:
https://ibb.co/gR3U98
https://ibb.co/jbSZbo
https://ibb.co/di4rNT
https://ibb.co/crN0Go
https://ibb.co/jg5LGo
As for the Redirect IPv4 Gateway, would that be on the client or server? Not sure if it applies, as it's a shared key.
Thank you
-
Regardless it is impossible to egress to the internet from another IP address. You simply have to be tunneling across and out the other WAN.
Please post your routing table. Diagnostics > Command Prompt then execute:
netstat -rn4
Attaching images on a foreign site instead of just uploading them here makes it harder for us to help you.
-
Sorry, forgot I can upload them to the site.
Routing tables on site 1
Internet:
Destination        Gateway            Flags   Netif      Expire
default            181.143.5x.xxx     UGS     vtnet0
127.0.0.1          link#6             UH      lo0
181.143.5x.xxx/29  link#1             U       vtnet0
181.143.5x.xxx     link#1             UHS     lo0
181.143.5x.xxx     link#1             UHS     lo0
192.168.0.0/24     192.168.20.2       UGS     ovpns2
192.168.1.0/24     link#2             U       vtnet1
192.168.1.254      link#2             UHS     lo0
192.168.3.0/24     link#7             U       vtnet1_v
192.168.3.1        link#7             UHS     lo0
192.168.20.1       link#9             UHS     lo0
192.168.20.2       link#9             UH      ovpns2
192.168.50.0/24    192.168.50.2       UGS     ovpns1
192.168.50.1       link#8             UHS     lo0
192.168.50.2       link#8             UH      ovpns1
Routing tables Site 2
Routing tables
Internet:
Destination        Gateway            Flags   Netif      Expire
default            181.143.8x.xx      UGS     vtnet0
127.0.0.1          link#6             UH      lo0
181.143.8x.xx/29   link#1             U       vtnet0
181.143.8x.xx      link#1             UHS     lo0
192.168.0.0/24     link#2             U       vtnet1
192.168.0.1        link#2             UHS     lo0
192.168.1.0/24     192.168.20.1       UGS     ovpnc1
192.168.20.1       link#8             UH      ovpnc1
192.168.20.2       link#8             UHS     lo0
192.168.30.0/24    192.168.30.2       UGS     ovpns2
192.168.30.1       link#7             UHS     lo0
192.168.30.2       link#7             UH      ovpns2
Thank you
-
It's hard to see since both sites are 181.143 and you have covered over the 3rd octet in the screenshot showing the wrong WAN.
But assuming that shows 181.143.5 then that traffic MUST be going over to the other site. If it was not, there is no way you would get any connectivity at all.
Perhaps you have another VPN set up. IPSec? Or maybe a remote access VPN on that client directly?
Site one has 2 OpenVPN servers configured.
Steve
-
@stephenw10 Well, you won't believe what it was: it was WPAD. As site 1 has WPAD, I also have proxy auto-detect on site 2. I disabled the auto-detect and bam, showing the real WAN IP for the websites. I guess now I have to see how I can disable that.
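
An added example, not part of the thread: a Python check over `netstat -rn4` output that tells whether internet-bound traffic is routed into an OpenVPN tunnel. The first sample is an abridged copy of the Site 2 table posted above, the second adds constructed `redirect-gateway def1` routes, and the function names are hypothetical.

```python
import re

# Constructed input: abridged copy of Site 2's `netstat -rn4` output from the
# thread, with the WAN addresses masked the same way the poster masked them.
SITE2 = """\
Destination        Gateway            Flags   Netif
default            181.143.8x.xx      UGS     vtnet0
181.143.8x.xx/29   link#1             U       vtnet0
192.168.0.0/24     link#2             U       vtnet1
192.168.1.0/24     192.168.20.1       UGS     ovpnc1
192.168.20.1       link#8             UH      ovpnc1
192.168.30.0/24    192.168.30.2       UGS     ovpns2
192.168.30.2       link#7             UH      ovpns2
"""

# Constructed variant: the two half-default routes OpenVPN installs for
# "redirect-gateway def1"; the original default route stays in the table.
SITE2_REDIRECTED = SITE2 + """\
0.0.0.0/1          192.168.20.1       UGS     ovpnc1
128.0.0.0/1        192.168.20.1       UGS     ovpnc1
"""

VPN_IF = re.compile(r"^ovpn[cs]\d+$")   # OpenVPN client/server interfaces
CATCH_ALL = {"default", "0.0.0.0/1", "128.0.0.0/1"}
SKIP = {"Destination", "Internet:", "Routing"}

def parse_routes(text):
    """Return (destination, gateway, flags, netif) tuples from netstat -rn4 text."""
    routes = []
    for line in text.splitlines():
        f = line.split()
        if len(f) >= 4 and f[0] not in SKIP:
            routes.append(tuple(f[:4]))
    return routes

def tunnel_mode(routes):
    """'full-tunnel' if any catch-all route leaves via an OpenVPN interface."""
    hit = any(d in CATCH_ALL and VPN_IF.match(n) for d, _, _, n in routes)
    return "full-tunnel" if hit else "split-tunnel"

def vpn_networks(routes):
    """Destinations reached through a gateway (G flag) on an OpenVPN interface."""
    return [d for d, _, fl, n in routes if "G" in fl and VPN_IF.match(n)]

if __name__ == "__main__":
    for name, table in (("posted", SITE2), ("redirected", SITE2_REDIRECTED)):
        r = parse_routes(table)
        print(name, tunnel_mode(r), vpn_networks(r))
```

On the posted table the result is split-tunnel with only the two remote LANs behind OpenVPN, so the routing layer was not sending web traffic to Site 1, which fits the proxy auto-detect cause found at the end of the thread.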