What is wrong in this packet capture?
-
I am unable to ping the Public Firewall LAN on Site A.
OpenVPN Config : Peer to Peer SSL/TLS, tun, UDP4. LAN to LAN works fine.
Site A:
I have a working pfSense firewall (OVPN) where my OpenVPN Server is and it is behind another pfSense firewall (Public).
pfSense Public LAN: 192.168.8.5
pfSense OVPN WAN: 192.168.88.7
pfSense OVPN LAN: 192.168.8.1
Site B:
Direct to internet
Remote PC on Site B connects thru Site to Site OpenVPN: 192.168.140.10
Command on Remote PC: ping 192.168.88.5
CAPTURE thru OPENVPN Interface:
12:50:25.069237 AF IPv4 (2), length 826: (tos 0x0, ttl 127, id 26046, offset 0, flags [none], proto UDP (17), length 822)
192.168.140.10.2425 > 192.168.8.51.2425: [udp sum ok] UDP, length 794
12:50:25.149015 AF IPv4 (2), length 64: (tos 0x0, ttl 127, id 52396, offset 0, flags [none], proto ICMP (1), length 60)
192.168.140.10 > 192.168.88.5: ICMP echo request, id 1, seq 837, length 40
12:50:29.849687 AF IPv4 (2), length 64: (tos 0x0, ttl 127, id 52397, offset 0, flags [none], proto ICMP (1), length 60)
192.168.140.10 > 192.168.88.5: ICMP echo request, id 1, seq 838, length 40
12:50:34.851582 AF IPv4 (2), length 64: (tos 0x0, ttl 127, id 52398, offset 0, flags [none], proto ICMP (1), length 60)
192.168.140.10 > 192.168.88.5: ICMP echo request, id 1, seq 839, length 40
CAPTURE thru WAN Interface:
12:57:21.703462 00:90:27:fe:2e:0a > 00:0d:b9:3f:90:19, ethertype IPv4 (0x0800), length 74: (tos 0x0, ttl 126, id 52407, offset 0, flags [none], proto ICMP (1), length 60)
192.168.140.10 > 192.168.88.5: ICMP echo request, id 1, seq 852, length 40
12:57:26.354229 00:90:27:fe:2e:0a > 00:0d:b9:3f:90:19, ethertype IPv4 (0x0800), length 74: (tos 0x0, ttl 126, id 52408, offset 0, flags [none], proto ICMP (1), length 60)
192.168.140.10 > 192.168.88.5: ICMP echo request, id 1, seq 853, length 40
12:57:31.352071 00:90:27:fe:2e:0a > 00:0d:b9:3f:90:19, ethertype IPv4 (0x0800), length 74: (tos 0x0, ttl 126, id 52409, offset 0, flags [none], proto ICMP (1), length 60)
192.168.140.10 > 192.168.88.5: ICMP echo request, id 1, seq 854, length 40
-
I don't understand what you are doing there to be honest.
Maybe it's just me....the confusion already starts in your first sentence "Public Firewall LAN".
Can you rephrase your question, show a bit more about your config and sketch up the network layout?
-Rico
-
@Rico Thank you for noticing my post.
This is my layout
The pfSense2 is my Public Firewall or gateway.
INTERNET == pfSense1 (Client) --- LAN B (192.168.140.0/24) --- PC B (192.168.140.10)
||
pfSense2 (Gateway) --- DMZ net (192.168.88.0/24) --- pfSense3 (Server) --- LAN (192.168.8.0/24)
LAN B and LAN A can communicate properly except that I am unable to push DNS to LAN B pfSense3 which is both the DNS and OpenVPN server. PC B can ping pfSense3 LAN 192.168.8.1 and WAN 192.168.88.7 but I cannot ping pfSense2 LAN 192.168.88.5.
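-
Added example, not part of any post in this thread: a small Python parser for the tcpdump-style output quoted in the first post. It pairs ICMP echo requests with echo replies and returns the requests that never got an answer, together with the TTL seen on each. The function name `unanswered_echoes` is an assumption of this example; the sample lines are copied from the WAN capture in the first post.

```python
import re

# Address line: "src > dst: ICMP echo request|reply, id N, seq N, ..."
ICMP_RE = re.compile(
    r"(?P<src>\d+(?:\.\d+){3}) > (?P<dst>\d+(?:\.\d+){3}): "
    r"ICMP echo (?P<kind>request|reply), id (?P<id>\d+), seq (?P<seq>\d+)"
)
# Header line carries the IP TTL: "(tos 0x0, ttl 126, id ..."
TTL_RE = re.compile(r"\bttl (\d+)")

# The three echo requests from the WAN capture in the first post.
WAN_CAPTURE = """\
12:57:21.703462 00:90:27:fe:2e:0a > 00:0d:b9:3f:90:19, ethertype IPv4 (0x0800), length 74: (tos 0x0, ttl 126, id 52407, offset 0, flags [none], proto ICMP (1), length 60)
192.168.140.10 > 192.168.88.5: ICMP echo request, id 1, seq 852, length 40
12:57:26.354229 00:90:27:fe:2e:0a > 00:0d:b9:3f:90:19, ethertype IPv4 (0x0800), length 74: (tos 0x0, ttl 126, id 52408, offset 0, flags [none], proto ICMP (1), length 60)
192.168.140.10 > 192.168.88.5: ICMP echo request, id 1, seq 853, length 40
12:57:31.352071 00:90:27:fe:2e:0a > 00:0d:b9:3f:90:19, ethertype IPv4 (0x0800), length 74: (tos 0x0, ttl 126, id 52409, offset 0, flags [none], proto ICMP (1), length 60)
192.168.140.10 > 192.168.88.5: ICMP echo request, id 1, seq 854, length 40
"""

def unanswered_echoes(capture_text):
    """Return (src, dst, icmp_id, seq, ttl) for each echo request with no matching reply."""
    pending = {}     # (requester, target, icmp_id, seq) -> TTL seen on the request
    last_ttl = None  # TTL from the most recent header line
    for line in capture_text.splitlines():
        ttl = TTL_RE.search(line)
        if ttl:
            last_ttl = int(ttl.group(1))
        m = ICMP_RE.search(line)
        if not m:
            continue
        icmp_id, seq = int(m["id"]), int(m["seq"])
        if m["kind"] == "request":
            pending[(m["src"], m["dst"], icmp_id, seq)] = last_ttl
        else:
            # A reply travels target -> requester, so swap addresses to find its request.
            pending.pop((m["dst"], m["src"], icmp_id, seq), None)
    return [key + (ttl,) for key, ttl in pending.items()]

if __name__ == "__main__":
    for src, dst, icmp_id, seq, ttl in unanswered_echoes(WAN_CAPTURE):
        print(f"no reply: {src} -> {dst} id={icmp_id} seq={seq} ttl={ttl}")
```

Run over both captures from the first post, every echo request is listed as unanswered, and the TTL on the requests drops from 127 on the OpenVPN interface to 126 on the WAN interface.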