Can't establish connection



  • Hi there,

    I have the following problem:

    I use a site to site VPN connection to a router which is connected to the pfsense.

    ROUTER A (192.168.10.0/24) <--------> ROUTER B (192.168.1.0/24) ------- pfsense (192.168.1.2) ------ Server(192.168.0.10)

    Now I want to access the server from Network ROUTER A. I added a static route both in ROUTER B and pfsense for 192.168.10/24 as well as a route for 192.168.0.0/24 in ROUTER A. From ROUTER B I can access the server without problems.

    I can ping pfsense (192.168.1.2) successfully from ROUTER A but I can't connect to the server (192.168.0.10). Firewall rules are in place and even track the connection:

    Protocol                  Source                                       State                 Packets
    tcp                 192.168.10.15:63529->192.168.0.10:3389      SYN_SENT:ESTABLISHED           5/3
    

    This is when I try to use a RDP connection to my server.
    What am I doing wrong? Any ideas?

    Thanks



  • @Ben-Ktz said in Can't establish connection:

    I use a site to site VPN connection to a router which is connected to the pfsense.

    Which VPN type? Between which devices?

    @Ben-Ktz said in Can't establish connection:

    Now I want to access the server from Network ROUTER A.

    From the router? Or from a device behind it? 192.168.10.0/24 is the network behind the router?

    @Ben-Ktz said in Can't establish connection:

    I added a static route both in ROUTER B and pfsense for 192.168.10/24 as well as a route for 192.168.0.0/24 in ROUTER A.

    Static routes are not a good choice to direct traffic over VPNs. VPN packages provide other routing methods.

    @Ben-Ktz said in Can't establish connection:

    I can ping pfsense (192.168.1.2) successfully from ROUTER A but I can't connect to the server (192.168.0.10).

    Ensure that the server doesn't block it. Use the pfSense ping feature from the diagnostic menu. Try a ping to the server with the default source and try a second time with another one, like VPN.



  • For the VPN site to site I use a Zyxel USG20 to Lancom 1791VA.

    I'd like to access the server from a client behind ROUTER A (192.168.10.0/24).

    What drives me crazy: I can access the pfsense from Network A but I can't reach the server. A ping from pfsense reaches Router A (192.168.10.1) but isn't able to reach the client (192.168.10.15) even though the firewall is configured to allow it and even logs the ping request with accept. On the other hand I'm able to ping from Network A to the interface of the pfsense which is connected to Router B (192.168.1.1) but I can't connect to the LAN interface of the pfsense which is connected to the server (192.168.0.1).

    Tracert from a client in Network A:

      1    <1 ms    <1 ms    <1 ms  192.168.10.1
      2     *        *        *     Request timed out.
      3    40 ms    42 ms    42 ms  192.168.1.2
      4    42 ms    44 ms    42 ms  192.168.1.1
      5    59 ms    41 ms    42 ms  192.168.0.10
    

    However, a client that connects via software vpn client to Router B has no problem at all and can access the server.

    What am I missing?



  • It was actually Windows firewall blocking ping to my client in Network A (192.168.10.15).

    So my pfsense is able to ping my client in 192.168.10.0/24 but my server, which is directly connected to the pfsense, isn't. Pfsense can also ping Router B (192.168.1.1) but the server can't either.
    Firewall rules to allow pings are activated and my firewall even registers the ping.



  • Seems you're missing the route for the server's network on router A. This has to be set in the OpenVPN settings.

    @Ben-Ktz said in Can't establish connection:

    I'm able to ping from Network A to the interface of the pfsense which is connected to Router B (192.168.1.1) but I can't connect to the LAN interface of the pfsense which is connected to the server (192.168.0.1)

    Since you now know pfSense is responding to ping, you may also try to ping its server-side interface to investigate. If you don't get a response, you are missing the route.

