interface work al 80%
-
Hi everyone, I have a network structured as follows:
general quarter - PFSENSE 2.5.0 (192.168.2.x)
site 1 - PFSENSE 2.4.4 (192.168.3.x) openvpn tunnel 10.0.1.x to general quarter
An interface for WIFI has been activated on the headquarters with ip 192.168.110.x with DHCP server.
I have set the rules to surf the Wifi network and everything works regularly, but when I am connected in WIFI I do not ping the 192.168.3.x network; if instead I connect via LAN cable I ping it.
I also imported a floating rule but it doesn't work
where am I wrong? someone give me some advice? the 110 network must work and see all the networks that are seen when connected in LAN
thanks to who helps me
-
@miami71it well you would need to make sure your vpn setup allows for this other wifi network. The other site needs to know to get to 192.168.X to go down the tunnel, etc.
on a side note, both of your listed versions are no longer supported. Prob best to update them to current pfsense..
-
@johnpoz ok but from where? I have never told the vpn to also see the lan network but he sees it.
on the headquarters OpenVPN is configured as a server and from site 1 there is an OpenVPN client configuration.
or do I have to make a rule? help me ? I thank you
-
@miami71it so on your vpn server side.. Do you not have a local networks box?
-
@johnpoz the local network is set up there
but I don't understand why if I connect the external networks with the cable I see them if I connect with wifi, I only see the local and the external ones no
-
@miami71it wouldn't matter what network you're attached to on pfsense, if the remote networks are available via vpn connection.
So you have this?
And your server on HQ has listed both your 192.168.2 and 192.168.110 network.
But client on 192.168.3 can not get to anything on 192.168.110 network? Can it get to pfsense IP on that network, 192.168.110.1?
Or you're saying device in 192.168.110 can not get to devices on 192.168.3? Can it ping the pfsense IP on the site 192.168.3.1?
Or you say you can connect to 192.168.110 network with a wire and it works, but if wifi on 192.168.110 it does not work?
-
@johnpoz Yes, the network is made as you did the scheme. When I connect to wifi the dhcp gives me the 192.168.110.x network and I can ping the 192.168.2.x network but I don't ping the 192.168.3.x network, not even the site 1 network pfsense. LAN the dhcp gives me the ip 192.168.2.x and from there I can ping the network of site 1.
-
might be best to take screenshots of your firewall rules on the WIFI tab
also screenshots of your VPN-server configuration.
screenshots of the routing table on both pfsense might help.
-
Seems like you probably have a missing route to 192.168.110.x at the remote site.
But it could also be a missing firewall rule somewhere.
Steve
-
@stephenw10 here are the rules
-
And the rules and routes at the remote site?
-
@miami71it this is not 192.168.110/24
So how would the site know to go back down the tunnel to get to 192.168.110? I specifically asked you this very question - and you said it was correct, clearly not from your screenshot.
-
@johnpoz that ip is from another network
but sorry, but if I connect with the cable it works because it doesn't work with wifi? even without local network rules?
-
Check Diag > Routes at the remote site. Does it have a route back to 192.168.110.x?
-
@miami71it said in interface work al 80%:
that ip is from another network
You are not telling your site where to go to get to a 192.168.110 network - so NO it's never going to work - ever.. The site doesn't know how to get to a 192.168.110 network, so it sends it out its default gateway.
You tell it how to get to 192.168.2, so as I stated before tell it how to get to 192.168.110
-
@johnpoz sorry but I don't want to be insistent, I understand what you are saying, I have to put 192.168.110.0/24 in the local network, this is very clear to me but before doing it I wanted to understand how but if I connect with the LAN cable it works and with WIFI it doesn't, that was what I was trying to understand
-
@miami71it said in interface work al 80%:
I have to put 192.168.110.0/24 in the local network
When - sure wasn't in your screenshot
If you plug in with a cable you are on the 192.168.2 network.. Sorry but with 192.168.3 site not knowing how to get to 192.168.110 there is no possible way it worked with a wire connected and client getting 192.168.110.x address..
Doesn't matter if you're wired or wireless, without a route to 192.168.110 there is no way it was working.
If you plug in and get a 192.168.2.x address - then sure you told the other side how to get to 192.168.2 via coming down the tunnel.
-
@johnpoz ok now you have clarified my ideas.
in fact from site 1 in the remote network there is the network 192.168.2.x, so I have to put them also the 110, in practice it comes out like this
192.168.2.0/24, 192.168.110.0/24
doing so now I ping
I apologize again, I understood what you wanted me to do, but I wanted to understand the motivation, it is also done to learn :)
now I have learned
a thousand thanks
-
Yup, a route must exist both ways.
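
The routing behaviour the thread converges on, as an added example (not code from any poster or from pfSense): a longest-prefix-match trace of a ping in both directions, before and after 192.168.110.0/24 is added to site 1's remote networks. The route tables, the interface labels (`lan`, `wifi`, `ovpn`, `wan`) and the `.50` host addresses are constructed for illustration, and firewall rules are assumed to pass the traffic.

```python
import ipaddress

def table(entries):
    """Build a routing table from (prefix, next hop) pairs."""
    return [(ipaddress.ip_network(p), hop) for p, hop in entries]

def next_hop(routes, addr):
    """Longest-prefix match, as a router does for every packet."""
    ip = ipaddress.ip_address(addr)
    matches = [(net.prefixlen, hop) for net, hop in routes if ip in net]
    return max(matches)[1]

def ping(src, dst, near, far, tunnel="ovpn"):
    """Trace an echo request from src to dst and the reply back.

    near/far are the routing tables of the firewalls in front of src and dst.
    Routing only: firewall rules are assumed to pass the traffic.
    """
    out = next_hop(near, dst)
    if out != tunnel:
        return f"request lost: {dst} leaves via {out}"
    back = next_hop(far, src)
    if back != tunnel:
        return f"reply lost: {src} leaves via {back}"
    return "ok"

# Constructed tables using the subnets named in the thread.
HQ = table([
    ("192.168.2.0/24", "lan"), ("192.168.110.0/24", "wifi"),
    ("192.168.3.0/24", "ovpn"), ("10.0.1.0/24", "ovpn"),
    ("0.0.0.0/0", "wan"),
])
# Site 1 as first configured: only 192.168.2.0/24 is a remote network.
SITE1 = table([
    ("192.168.3.0/24", "lan"), ("10.0.1.0/24", "ovpn"),
    ("192.168.2.0/24", "ovpn"), ("0.0.0.0/0", "wan"),
])
# Site 1 after the fix: 192.168.110.0/24 also goes down the tunnel.
SITE1_FIXED = SITE1 + table([("192.168.110.0/24", "ovpn")])

if __name__ == "__main__":
    for src in ("192.168.2.50", "192.168.110.50"):  # wired client, WIFI client
        print(src, "before:", ping(src, "192.168.3.1", HQ, SITE1))
        print(src, "after: ", ping(src, "192.168.3.1", HQ, SITE1_FIXED))
```

On a live system the same question is answered by Diag > Routes at the remote site, as suggested earlier in the thread.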