Site-to-Site, pfsense 1.2-RC3-to-pfsense 1.2-RC3
-
We are trying to setup a VPN to play Lan games like Starcraft or Xbox between 2 locations.
I have the IPSEC tunnels all setup and "working". We can pull up computers on both sides using their Local IP addresses and do file sharing. When we try to play starcraft we are not able to see or join each other's games. Same with Xbox lan games. It would seem to be an issue with broadcast packets.
We are using the UDP protocol for starcraft. Both sides have a Firewall rule for IPSEC that is:
Protocol: *
Source: *
Port: *
Destination: *
Gateway: *Any ideas on what i can do?
Thanks
-
as far as I know, IPSec does not pass broadcasts.
RPS…
-
the nve0 (ipsec) interface has the flags "flags=8843<up,broadcast,running,simplex,multicast>" so i would assume it would.</up,broadcast,running,simplex,multicast>
-
the nve0 (ipsec) interface has the flags "flags=8843<up,broadcast,running,simplex,multicast>" so i would assume it would.</up,broadcast,running,simplex,multicast>
Scratch that…. nve0 is not my IPSEC adapter. The enc0 is and it does not have those flags, just
-
Look at it this way:
You (hopefully) have different, not overlapping subnets on both sides of the tunnel.
A broadcast is not supposed to leave the own subnet and you cannot route it either. Hence the dilemma.Maybe you can use OpenVPN to bridge two seperated networks as one subnet? But I still haven't had the time to dig into OpenVPN at all. It's not more than a wild guess.
-
I have an idea.
You could 1:1 NAT your remote IP into your local subnet.Your "LAN" would have to be on an OPTx
–> Set your "normal" LAN on a VLAN and dont use it.
Setup you OPTx interface so it behaves like your normal LAN did.Create a VIP inside your OPTx subnet.
Create a 1:1 NAT mapping.
Interface your OPTx
External subnet is the IP of your VIP
Internal subnet is the IP of the other PC you want 1:1 NATed in the other subnet.The same on the other side.
I'm not sure if this works but it might be worth to try.
Or like jahonix suggested: bridge your two networks together.
Or another thing you could try:
Setup an UDP proxy:
http://www.vttoth.com/tunnel.htm#Appendix
The example on the page is for Linux but i think it should be possible to get the code in the appendix running on pfSense. -
Thanks for the information,
My 2 networks are 10.0.50.0/24 and 10.0.51.0/24, broadcast can't jump across those?
I have tried the OpenVPn way, seems you need to bridge the tun/tap to the lan which I guess makes the system very unstable.
Random question:
What does setting the Local Endpoint to the LAN do? I had previously set mine to the WAN. When I set both sides to LAN, I can still get the VPN to connect but i have lost my ability to file share. -
My 2 networks are 10.0.50.0/24 and 10.0.51.0/24, broadcast can't jump across those?
I suggest you inform yourself why this is not possible.
You should know the background why this does not work.I have tried the OpenVPn way, seems you need to bridge the tun/tap to the lan which I guess makes the system very unstable.
This appears to be only unstable if you use CARP.
http://forum.pfsense.org/index.php/topic,1990.75.htmlBut if you use OpenVPN to bridge both sides together you will have ONE big subnet.
maybe 10.0.50.0**/23** -
I have an idea.
You could …Smart!
That's why I love this forum. You learn a lot about networking if you listen and make your homework. -
May I suggest you read here:
http://en.wikipedia.org/wiki/Broadcast_%28disambiguation%29
Follow the links under section "In computer networking"
