Routing in LAN = unstable



  • Hey all.  Let me explain briefly my setup.

    I have 2 GWs on my LAN: .1 and .2
    .1 is my Def GW and .2 hosts my 1 IPSEC Tunnel
    In order for me to use my ipsec tunnel I need to route the destination traffic to .2 and I have done this by creating a static route on .1 to send all the ipsec destination traffic to .2
    Upon doing this I experience very unstable connections. RDP will drop out every minute or so and reconnect, Outlook won't synch, etc.
    Oddly enough, if I add a static route to my workstation so that it routes the destination IPsec traffic itself, thus bypassing its def GW (.1) completely, my connection is solid and stable.

    So my question is what should I do? I don't want to have to add static routes on everything I will need to communicate with (not to mention I can't add static routes on everything; some of my devices don't have the ability). How do I go about troubleshooting this dilemma of mine? Thanks a ton.

    .1 and .2 are both pfSense 1.2.2 and both have intel nics.



  • Sounds like a timeout.

    Have you tried to enable:

    Bypass firewall rules for traffic on the same interface
    This option only applies if you have defined one or more static routes. If it is enabled, traffic that enters and leaves through the same interface will not be checked by the firewall. This may be desirable in some situations where multiple subnets are connected to the same interface.

    under system –> advanced ?



  • I did as you suggested and it seems to have helped, but the problem still happens.  The only thing is that it doesn't happen as often.
    Before enabling it I would get disconnected within ~10 seconds and repeatedly without end; now it's about every minute, repeatedly without end.



    Hey, is this still an issue? If I understand this correctly it sounds like bad network design here…

    If you ping from your LAN to your IPsec GW, do you get ICMP redirects?

    Are your two gateways connected to the same switch? If so, you are probably having problems with redirects. I've seen this same issue occur when attaching two gateways to a cut-through switch. If this is in fact how yours is set up, I would plug the IPsec gateway into its own physical interface on the firewall.
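    The check suggested above (watching for ICMP redirects from the default gateway while tunnel-bound traffic flows) can be automated. The script below is an added example, not code from the thread or from pfSense: it parses tcpdump-style output and reports which LAN hosts are being redirected from the default gateway (.1) to the IPsec gateway (.2), i.e. whose traffic is hairpinning through .1 instead of going to .2 directly. The sample lines, the addresses 192.168.1.x / 10.20.0.x, and the tunnel gateway address are constructed assumptions; the capture format is what a command such as `tcpdump -ni em0 'icmp[icmptype] == icmp-redirect'` prints, and the interface name is also an assumption.

```python
import re
from collections import Counter

# Constructed sample capture (NOT taken from the poster's network).  It imitates
# what tcpdump prints on a workstation whose default gateway (192.168.1.1) keeps
# redirecting tunnel-bound packets to the IPsec gateway (192.168.1.2).
SAMPLE_CAPTURE = """\
10:15:01.001 IP 192.168.1.1 > 192.168.1.50: ICMP redirect 10.20.0.10 to host 192.168.1.2, length 36
10:15:01.250 IP 192.168.1.1 > 192.168.1.50: ICMP redirect 10.20.0.10 to host 192.168.1.2, length 36
10:15:02.100 IP 192.168.1.1 > 192.168.1.51: ICMP redirect 10.20.0.25 to host 192.168.1.2, length 36
10:15:03.400 IP 192.168.1.50 > 10.20.0.10: ICMP echo request, id 1, seq 1, length 64
10:15:05.000 IP 192.168.1.1 > 192.168.1.50: ICMP redirect 10.20.0.10 to host 192.168.1.2, length 36
"""

# Assumed address of the gateway that terminates the IPsec tunnel (".2" in the thread).
TUNNEL_GW = "192.168.1.2"

# Matches only ICMP redirect lines: "<ts> IP <router> > <host>: ICMP redirect <dst> to host <gw>"
REDIRECT_RE = re.compile(
    r"^(?P<ts>\S+) IP (?P<router>[\d.]+) > (?P<host>[\d.]+): "
    r"ICMP redirect (?P<dst>[\d.]+) to host (?P<gw>[\d.]+)"
)


def parse_redirects(capture):
    """Return one dict (ts, router, host, dst, gw) per ICMP redirect line.

    Lines that are not redirects (echo requests, TCP, ...) are skipped.
    """
    events = []
    for line in capture.splitlines():
        m = REDIRECT_RE.match(line)
        if m:
            events.append(m.groupdict())
    return events


def summarize(events):
    """Count redirects per (redirecting router, redirected host, destination, new gateway).

    A high count for the same tuple means the host keeps sending via the default
    gateway despite being told to use the other one: it ignores redirects, so every
    packet takes the hairpin path .1 -> .2 and the flow never settles.
    """
    return Counter((e["router"], e["host"], e["dst"], e["gw"]) for e in events)


def hosts_hairpinning(events, tunnel_gw=TUNNEL_GW):
    """LAN hosts that the default gateway had to redirect toward the tunnel gateway.

    These are the hosts whose tunnel traffic is hairpinning; they are the ones that
    would need a host route (or a topology change) to reach the tunnel directly.
    """
    return sorted({e["host"] for e in events if e["gw"] == tunnel_gw})


def report(capture, tunnel_gw=TUNNEL_GW):
    """Human-readable summary of the capture."""
    events = parse_redirects(capture)
    lines = [f"{len(events)} ICMP redirect(s) seen"]
    for (router, host, dst, gw), n in sorted(summarize(events).items()):
        lines.append(f"  {router} told {host}: reach {dst} via {gw}  x{n}")
    lines.append("hosts hairpinning through the default gateway: "
                 + ", ".join(hosts_hairpinning(events, tunnel_gw)))
    return "\n".join(lines)


if __name__ == "__main__":
    print(report(SAMPLE_CAPTURE))
```

    Run it against a real capture with `tcpdump -nl ... | python3 this_script.py`-style piping after swapping `SAMPLE_CAPTURE` for `sys.stdin.read()`; a non-empty "hosts hairpinning" list confirms that the default gateway is bouncing tunnel traffic back out the same interface, which is exactly the situation the firewall bypass option and the separate-interface suggestion in this thread are about.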



  • @phospher:

    Hey, is this still an issue? If I understand this correctly it sounds like bad network design here…

    If you ping from your LAN to your IPsec GW, do you get ICMP redirects?

    Are your two gateways connected to the same switch? If so, you are probably having problems with redirects. I've seen this same issue occur when attaching two gateways to a cut-through switch. If this is in fact how yours is set up, I would plug the IPsec gateway into its own physical interface on the firewall.

    Yes, both LAN interfaces are on the same switch and both WAN are on same switch.

