Strange issue with static routes



  • Hi all,

    I'm having a bit of a problem on my network(s), I'm hoping someone can help me out.  I'll try to explain what's been happening.  Recently my network fell apart.  Both my girlfriend's and a friend's router died, they were both Netgear FVS318 VPN routers.  I've been using pfSense for ages and I'm slowly getting all of my friends to convert. In the meantime I'm having to get the network back up and running using any means necessary.  The only routers I had spare were some DLink units running DD-WRT so I'm using them to make the connections I need.  Previously each network was connected by IPSec.  The DD-WRT units have PPTP capabilities.  This is the config of our networks.
    Network 01:

    Router = pfSense 2.0-RC3
    IP = 192.168.1.1/24

    Network 11:

    Router = pfSense 2.0-RC3
    IP = 192.168.11.1/24

    Network 18:

    Router = DD-WRT v24
    IP = 192.168.18.1/24

    Network 25:

    Router = DD-WRT v24
    IP = 192.168.25.1/24

    Network 01 is the main site all of the other networks need to access.  At this point the other networks do not need a direct connection to each other.  The two pfSense units are connected via IPSec VPN. Network 01's router is also running a PPTP server for the DD-WRT units to connect to.  I found that DD-WRT would connect to the pfSense box and resources on the pfSense network were accessible but resources on the DD-WRT network were not.  On Network 01's pfSense box I added some static routes and gateways to allow traffic to be correctly routed back to the DD-WRT networks via the PPTP connections.  This works well and traffic is now crossing between networks happily.

    This is where my problem occurs.  When the second pfSense box connects via IPSec, the routes to the DD-WRT network stop working.  If I go into System > Routing > Gateways and click edit on any of the gateways, then save, without making any changes, the routes start working again but the IPSec connection stops working.

    Can anyone shed any light on why this could be happening?

    Thanks in advance.

    KeepGood



  • As additional info, when trying to ping another network from Network 01 I get …

    Reply from 192.168.1.1: TTL expired in transit.

    I'm updating pfSense as each snapshot is released in the hope that this problem is solved, but no joy so far.



  • @KeepGood:

    Reply from 192.168.1.1: TTL expired in transit.

    That suggests to me a routing problem. It would probably help to draw a diagram of your network and check that each system on all the paths of interest is able to forward packets correctly - you might need some additional routes.

    The traceroute tool might also be useful to help determine if your routing is correct.
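The check the reply above describes (walk every hop's forwarding table and see whether the packet actually reaches the far side or loops until its TTL runs out) can be done on paper or with a small simulator. The following is an added example, not code from the thread or from pfSense or DD-WRT: it models the Network 01 side with constructed, hypothetical addresses (a LAN host at 192.168.1.50, a PPTP tunnel 10.0.0.1/10.0.0.2 between pfSense and the DD-WRT unit, and a stale LAN gateway at 192.168.1.2 that still defaults back to the pfSense box) and contrasts a static route that points at the wrong gateway with one that points at the PPTP peer. The first case produces the same "TTL expired in transit" symptom, with the reply coming from the hop whose decrement reaches zero; the second delivers the packet.

```python
import ipaddress
from typing import Dict, List, Optional, Tuple

# One forwarding-table entry: (destination prefix, next-hop address).
# A next hop of None means the prefix is directly connected.
Route = Tuple[str, Optional[str]]
Table = List[Route]


def lookup(table: Table, dst: str) -> Optional[Route]:
    """Longest-prefix match, as a router's forwarding table does."""
    addr = ipaddress.ip_address(dst)
    best: Optional[Route] = None
    best_len = -1
    for prefix, nexthop in table:
        net = ipaddress.ip_network(prefix)
        if addr in net and net.prefixlen > best_len:
            best, best_len = (prefix, nexthop), net.prefixlen
    return best


def connected(table: Table, addr: str) -> bool:
    """True if addr lies in a directly connected prefix of this table
    (a gateway that is not on a connected subnet cannot be used)."""
    a = ipaddress.ip_address(addr)
    return any(nh is None and a in ipaddress.ip_network(p) for p, nh in table)


def trace(nodes: Dict[str, Table], owner: Dict[str, str],
          src: str, dst: str, ttl: int = 64) -> Tuple[str, List[str]]:
    """Walk a packet from node `src` toward address `dst`, decrementing the
    TTL at every router hop; returns (outcome, list of hops visited)."""
    node, path = src, [src]
    while True:
        if node != src:                      # routers decrement TTL on arrival
            ttl -= 1
            if ttl == 0:                     # this hop sends "time exceeded"
                return (f"TTL expired in transit at {node}", path)
        if owner.get(dst) == node:           # packet addressed to this router
            return ("delivered", path)
        route = lookup(nodes[node], dst)
        if route is None:
            return (f"no route at {node}", path)
        _, nexthop = route
        if nexthop is None:                  # connected subnet: final hop
            path.append(dst)
            return ("delivered", path)
        if not connected(nodes[node], nexthop):
            return (f"gateway {nexthop} not on a connected subnet of {node}", path)
        if nexthop not in owner:
            return (f"next hop {nexthop} does not exist", path)
        node = owner[nexthop]
        path.append(node)


# Constructed topology (hypothetical addresses, not from the thread).
OWNER = {
    "192.168.1.50": "host", "192.168.1.1": "pfsense", "10.0.0.1": "pfsense",
    "192.168.1.2": "stale_gw", "10.0.0.2": "ddwrt", "192.168.18.1": "ddwrt",
}
HOST: Table = [("192.168.1.0/24", None), ("0.0.0.0/0", "192.168.1.1")]
STALE_GW: Table = [("192.168.1.0/24", None), ("0.0.0.0/0", "192.168.1.1")]
DDWRT: Table = [("192.168.18.0/24", None), ("10.0.0.0/30", None),
                ("0.0.0.0/0", "10.0.0.1")]
# Static route for Network 18 pointing at a LAN box that routes back: a loop.
PFSENSE_BROKEN: Table = [("192.168.1.0/24", None), ("10.0.0.0/30", None),
                         ("192.168.18.0/24", "192.168.1.2")]
# Static route pointing at the PPTP peer instead: reaches the DD-WRT LAN.
PFSENSE_FIXED: Table = [("192.168.1.0/24", None), ("10.0.0.0/30", None),
                        ("192.168.18.0/24", "10.0.0.2")]


def broken_scenario(ttl: int = 5) -> Tuple[str, List[str]]:
    nodes = {"host": HOST, "pfsense": PFSENSE_BROKEN,
             "stale_gw": STALE_GW, "ddwrt": DDWRT}
    return trace(nodes, OWNER, "host", "192.168.18.10", ttl)


def fixed_scenario(ttl: int = 5) -> Tuple[str, List[str]]:
    nodes = {"host": HOST, "pfsense": PFSENSE_FIXED,
             "stale_gw": STALE_GW, "ddwrt": DDWRT}
    return trace(nodes, OWNER, "host", "192.168.18.10", ttl)


if __name__ == "__main__":
    for name, result in (("broken", broken_scenario()), ("fixed", fixed_scenario())):
        outcome, path = result
        print(f"{name}: {outcome}; path = {' -> '.join(path)}")
```

A small TTL is used so the printed loop stays short; with a real ping's TTL the packet bounces the same way, just for more rounds, and the router whose decrement lands on zero is the one that answers with "TTL expired in transit". Replacing the hypothetical tables with the actual routing tables of each box (pfSense: Diagnostics > Routes; DD-WRT: `ip route` or `route -n` on the shell) turns this into a quick way to verify the path before and after the IPSec tunnel comes up.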

