Configuration advice
-
Thanks again.
The MPLS have an ip on each side. The remote site has 192.168.100.1. For what i can tell here the routing seems ok since iam able to ping a host on the 192.168.10.0/24 net from my remote site and from my local site i can ping a host on the remote site of the mpls.
When iam running a tracert towars my vlan 192.168.11.0/24 from 192.168.100.0 i can see that the routing is in place in the mpls gateways but when it reaches my pfsense box it gets looped back towards 192.168.10.2 instead of going to my vlan host.
When i try to ping a host on the 192.168.100.0/22 net from my pfsense box i also get timeout. It feels like this could also be the reason for not be able to ping the pfsense inteface ip from my 192.168.100.0/22 net. Something must be wrong with my routing setup in my pfsense box.
It seems like the checkbox in advanced for the static route filtering doesnt do the trick.
-
Could you paste your routing table from pfsense?
-
default 87.96.188.1 UGS 0 408828554 1500 bce1
127.0.0.1 link#5 UH 0 1745058 16384 lo0
192.168.10.0/24 link#7 U 0 4131193 1500 bce0_vlan40
192.168.10.254 link#7 UHS 0 0 16384 lo0
192.168.11.0/24 link#8 U 0 370222006 1500 bce0_vlan30
192.168.11.254 link#8 UHS 0 0 16384 lo0
192.168.100.0/22 192.168.10.2 UGS 0 6 1500 bce0_vlan40For the moment i have removed the ipsec connections towards my remote offices just for test purpose so now i only have my 2 vlans and my static route towards my mpls
-
What I find interesting is that you have this:
192.168.10.254 link#7 UHS 0 0 16384 lo0I wonder if that is a function of VLAN, but it seems quite odd.
When you traceroute from 11.0/24 computer to 100.0/22, what does the route look like?
-
Sorry for the delay.
When i traceroute from 192.168.11.5 towards 192.168.100.23 it looks like this:
traceroute to 192.168.100.23 (192.168.100.23), 30 hops max, 60 byte packets
1 192.168.10.2 (192.168.10.2) 8.746 ms 8.737 ms 8.731 ms
2 * * *
3 * * *
4 * * *
5 * * *
6 * * *
7 * * *
8 * * *
9 * * *
10 * * *
11 * * *
12 * * *
13 * * *
14 * * *
15 * * *
16 * * *
17 * * *
18 * * *
19 * * *
20 * * *
21 * * *
22 * * *
23 * * *
24 * * *
25 * * *
26 * * *
27 * * *
28 * * *
29 * * *
30 * * * -
Do you have the routing on 11.5 pointing directly to 10.2? If so, please remove that route and try again.
-
No, i do not have that route.
I only have a default route of that machine which points to 192.168.11.1 which is the default gateway of that vlan.
-
What are the rules on that VLAN interface?
-
On the 192.168.11.0 Vlan ive got
Proto any From 192.168.11.0/24 Destination 192.168.100.0/22 Gateway 192.168.10.2
Proto any From * Destination * Gateway * -
yeah, you want to remove that first rule. There is no need for policy routing.
-
Hello again.
Ive removed the policy routing line and now the tracert looks different but i cant find the jump towards 192.168.10.2
root@srv10:~# traceroute 192.168.100.23
traceroute to 192.168.100.23 (192.168.100.23), 30 hops max, 60 byte packets
1 pfsense.domain.local (192.168.11.1) 0.135 ms 0.123 ms 0.157 ms
2 * * *
3 * * *
4 * * *
5 * * *
6 * * *
7 * * *
8 * * *
9 * * *
10 * * *
11 * * *
12 * * *
13 * * *
14 * * *
15 * * *
16 * * *
17 * * *
18 * * *
19 * * *
20 * * *
21 * * *
22 * * *
23 * * *
24 * * *
25 * * *
26 * * *
27 * * *
28 * * *
29 * * *
30 * * * -
The jump to 192.168.10.2 should be in the routing/gateway submenu. (System -> Routing).
There should be a gateway set on VLAN that contains 192.168.10.2 (bce_vlan40 by the look of it). Then a route setup using that gateway.
Looking back over the thread, I see mention of a route in place, but it looks like it may have been part of the rule and not a actual route statement.Hope that helps.
-
I feel like an idiot now. :-[
We had a power interuption today and i had to bring down the firewall for a few minutes. After the reboot everything works completly as expected. :) I have been working with servers and computers for to many years to remember and i know that a reboot is always a good way to eliminate errors. In this case i never thought of it. :-[
Thanks for the help and support podilarius.
/Mike