Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    snmp over ipsec

    Scheduled Pinned Locked Moved
    IPsec
    3
    6
    90
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • R
      reynold
      last edited by

      dear all

      We use a managed print service and they send toner when the printers are low, they manage and monitor this by SNMP (UDP port 161)
      We have multiple sites and I have successfully connected two of these sites with an IPSec site-to-site tunnel.

      Site A - 192.168.100.0/24 Site B - 192.168.200.0/24

      I had to install print service software on server in site A.
      It should work via snmp and it reaches all printers on site A (same subnet of course) but no printer in different subnet

      I installed print service software in Site A a Ii wrote above and i need to manage printer in Site B
      I'm able to
      -ping the printer from site A
      -connect to web gui of printer from site A
      I set up a any any rule on ipsec so I allowed traffic between subnet

      But unfortunately the sw does not discover printer.

      Could you help me?

      G K 2 Replies Last reply Reply Quote 0
      • G
        Gblenn @reynold
        last edited by

        @reynold I'm guessing the print service software "discovers" the printers in the same network which it is on (Site A). But that discovery doesn't automatically happen across networks.

        If it's possible to specify each IP of the printers in the service software, you should be able to add the respective IP's of the printers on site B...

        If not, I guess you need some way to get the broadcast/discovery to work across... like installing Avahi...

        1 Reply Last reply Reply Quote 0
        • K
          Konstanti @reynold
          last edited by Konstanti

          @reynold

          Hi
          I want to disappoint you, but using a classic ipsec tunnel based on traffic selectors (Site A - 192.168.100.0/24 Site B - 192.168.200.0/24) , it is impossible to transmit broadcast messages that are used to detect devices (for example, printers) on the network

          As an option to solve this problem, it is to connect two networks using any tunnel that supports routing
          , for example, VTI, OpenVPN, GRE over Ipsec, etc.

          And then , using Avahi at both ends of the tunnel , transmit broadcast traffic from one network to another

          G 1 Reply Last reply Reply Quote 0
          • G
            Gblenn @Konstanti
            last edited by

            @reynold As @Konstanti is saying, use a VTI tunnel for this... It's as simple as going into the Phase 2 Entries and change them to Routed (VTI )

            acec85b6-3e2a-4ef4-8659-4c01916b18b6-image.png

            You will also need to go into System > Routing > Static Routes and set up the routes to the respective remote locations using the VTI interface that is created (at both sites of course).

            I have succesfully used this setup, not with a printer but for SNMP and Zabbix monitoring across VPN.

            R 1 Reply Last reply Reply Quote 0
            • R
              reynold @Gblenn
              last edited by

              @Gblenn @Konstanti
              Thanks a lot.
              I will try in the next days
              Avahi is not an option because it seems not available for windows.

              G 1 Reply Last reply Reply Quote 0
              • G
                Gblenn @reynold
                last edited by

                @reynold Actually you install Avahi as a package on pfsense, not on the windows clients.

                1 Reply Last reply Reply Quote 0
                • First post
                  Last post