IP issue on remote network



  • Good day,

    I'm using my box with pfSense for 3 purposes:
    1. Internet access
    2. to replace the hub provided by my IPTV provider (I did: https://forum.pfsense.org/index.php?topic=87738.0)
    3. to connect to my work, to our Fortigate, using IPsec

    My work network has multiple sites connected to one main site (our head office). All those networks are 192.168.2.x, 3.x, 4.x, to 12.x/24. It's all route-based, with OSPF.
    My home network is on the 172.16.35.0/24 network, so I don't overlap.

    So, on my pfSense, I created a tunnel to my workplace. I created the phase 1, then multiple phase 2s for all those other networks.

    I also added, as a gateway, the IP of the local pfSense box (172.16.35.1), and added a route for each remote network.

    My IPTV works fine, and the internet too. BUT…
    I'm able to ping/tracert and access a lot of devices on all those work networks, and from work, I can access my home PC perfectly.

    From work: I can connect to ALL of my work routers (192.168.2.1, 3.1, ...), even my home (pfSense) one, 172.16.35.1, without any issue!

    From home, this is where the issue seems to be: I can reach many devices/servers. For example, I can ping all of the remote routers (192.168.2.1, 3.1, ...). When I try to access them with a browser (using Firefox, or any other one), I see "connecting to 192.168.2.1" on the status bar for a few minutes, then "cannot display the page".

    I don't know where to look :(

    Thanks a lot

    Frank



  • Hi Frank,

    Firstly, I'm not sure what you mean when you say the following:

    "I also add in gateway, the IP of the local pfsense box (172.16.35.1), and add a route for each remote network."

    Do you mean you have added the IP into one of your LAN nodes? Also, where/why have you added a route for each remote network? You shouldn't need to add any routes, as the pfSense should know how to route to these subnets by virtue of each phase 2 you have previously created.

    Have you checked that your firewall rules on the Fortigate side permit traffic from your 172.16.35.0/24 subnet? If you run Wireshark on one of the LAN nodes you are trying to ping and filter by icmp, do you see the ICMP requests coming in? Another thing you can try is to run a tracert from your LAN side to the Fortigate LAN side and see at which hop this fails.

    Cheers.



  • @froussy:

    Hey, try this: https://forum.pfsense.org/index.php?topic=106654.0
    Br,
    Greg

