Packet on wrong interface
-
Hey guys
i open a PPTP tunnel with my Pfsense FW.
I have 4 NICWAN (Public IP)
LAN (192.168.126.0/24)
OPT1 in bridge
OPT2 in bridgeVPN (192.168.17.0/28)
The tunnel is up but I can't hit my LAN Subnet.
when i ping (192.168.17.1->192.168.126.48) the packets don't arrive in PFSENSE LAN interface but in NG1 interface ? why ?
If i ping (192.168.126.48->192.168.17.1) the packets arrive in PFSENSE LAN interface…The firewall rules are: any allow to any
Can i manage interface for rights way ?
any help was very grateful
stefano
-
ng1 is probably your PPTP interface. You may just need to add firewall rules under Firewall > Rules, on the PPTP tab.
-
In pptp rules i have all rules set to PASS :-X
-
Sure it's pass for all protocols, and not just TCP?
Show a screenshot of your firewall rules, and of the firewall log.
-
i have inserted the first rule only for avoiding Firewall issues…
-
What about the firewall log?
And on the PPTP page, what is the "server address" set to? It should be something else in 192.168.17.x in your case.
-
exactly..
My IP server is 192.168.17.98.
PPTP clinet is 192.168.17.0/28see this attachment
from VPN to LAN i see in Ng1 interface (the first)
form LAN to VPN i see in LAN interface (the second)Why 2 "side" of ping is in different interface ?
In Firewall log i don't find nothing about routing….
-
Traffic from PPTP clients will come in ng1 (or ng2, 3, 4, etc) and then leave LAN. Traffic from the LAN side will come in LAN and leave ng1. That is perfectly normal, nothing is wrong about the interfaces involved.
If it isn't getting from one side to the other, it's either being blocked by firewall rules, or something else is going on (like an IPsec tunnel or something using those same subnets is grabbing the traffic)
-
thank you for your reply
i don't understand where packets are dropping…
:-\ -
I suggest you do a packet capture on every other interface to find where the traffic is leaving from the PPTP subnet.
