Traceroute problem
-
I have the following wierd setup although it works.
(Wireless Community network)–-WAN (10.215.1.253/30)---pfsense 1.0.1---LAN (192.168.1.1/24) ----(Lan net)----ADSL router (192.168.1.2/24)
Openvpn server runs on the pfsense box to allow wireless clients (from the community network) to access the local lan and the internet through the pfsense box and the ADSL router.
Openvpn clients are on 192.168.130.0/24 assigned by the openvnp server.
Everything is working except traceroute.
As openvpn client (192.168.130.6) I can ping the LAN interface of the pfsense box (192.168.1.1), I can ping LAN hosts, I can ping the ADSL router (192.168.1.2), I can ping internet sites, but I can't traceroute to any destination outside the LAN.
If i try to traceroute to the ADSL router i get:
traceroute to 192.168.1.2 (192.168.1.2), 30 hops max, 38 byte packets 1 192.168.130.1 (192.168.130.1) 3.089 ms 2.404 ms 2.159 ms 2 192.168.1.2 (192.168.1.2) 2.874 ms 4.298 ms 2.955 msAs i understand the traceroute packets are going as expected through the tunnel.
All traceroutes to other destination fail. I can see web pages and any other type of traffic seems to working.
I have noticed similar problems with ipsec vpns (with linux boxes not pfsense) where i had to change the ttl value of the tunnel, but i can not find how to try it with openvpn. Its just a guess.
-
if you traceroute to a host on the internet where from do you get timeouts?
could you put such a traceroute output here?what are your custom options?
you might want to try to add:
push "redirect-gateway local def1"
to absolutely ensure that everything goes over your Pf -
False alarm. :)
The problem is on the ADSL router. I can't traceroute also from the LAN to the internet (traffic goes only through the ADSL router)
So nothing to do with pfsense.
Thanks for the response.