Hello, You might need a firewall rule for the remote network in your lan rules to force traffic to follow normal routing.
In my case (2 WANs), I have a rule defining the defaut gateway for lan traffic. To permit the traffic to remote vpn site, I have to add a rule earlier for the remote network with no gateway so it will follow normal routing. My 2 cents... Le Wed, 19 Dec 2012 14:39:36 +0100, WolfSec-Support <supp...@wolfsec.ch> a écrit : > may there are any fw rules there in LAN interface with similar > IP's/networks ? > some used this under 1.2.x and after upgrading to 2.x this caused > issues. > > onto routing: > > looks good > > here a similar setup of mine / 1 side: > > 192.168.253.13 link#13 UH 0 0 1500 ovpnc1 > 192.168.253.14 link#13 UHS 0 0 16384 lo0 > 192.168.0.0/16 192.168.253.13 UGS 0 4151616 1500 > ovpnc1 > 192.168.242.0/24 link#1 U 0 1191195015 1500 > vr0 > > > rgds > stephan > > > > 2012/12/19 Cristian Del Carlo <cristian.delca...@gmail.com> > > > Hi, > > > > thanks for your help. > > > > My firewall rules are in both pfsense: > > Action: Pass > > Interface : Openvpn > > Protocol: Any > > Source: Any > > Destionation: Any > > > > This are my routing from firewall ( without public ip ): > > > > pfsense 1 - client: > > 10.0.8.1 link#10 UH 0 15 ovpnc2 > > 10.0.8.2 link#10 UHS 0 0 lo0 > > 192.168.8.0/24 10.0.8.1 UGS 0 45 ovpnc2 > > 192.168.9.0/24 link#2 U 0 37598040 em1 > > > > pfsense 2 - server: > > 10.0.8.1 link#9 UHS 0 0 lo0 > > 10.0.8.2 link#9 UH 0 72 ovpns1 > > 192.168.8.0/24 link#2 U 0 229122 em1 > > 192.168.8.1 link#2 UHS 0 0 lo0 > > 192.168.9.0/24 10.0.8.2 UGS 0 1 ovpns1 > > > > Could be a routing problem? > > > > > > 2012/12/19 WolfSec-Support <supp...@wolfsec.ch>: > > > Hi, > > > > > > do you have special rules in VPN tunnel ? > > > make sure to open OpenVPN ruleset as necessary > > > > > > this is "new" in 2.x; 1.2.x. had no rules in OpenVPN tunnels > > > > > > but per default normally tunnel is open any<>any > > > > > > br > > > stephan > > > > > > > > > _______________________________________________ > > > List mailing list > > > List@lists.pfsense.org > > > http://lists.pfsense.org/mailman/listinfo/list > > > > > > > > > > > -- > > -------------------------------------------------------- > > > > Cristian Del Carlo > > > > Il testo e gli eventuali documenti trasmessi contengono informazioni > > riservate al destinatario indicato. La seguente e-mail è > > confidenziale e la sua riservatezza è tutelata legalmente dal > > Decreto Legislativo 196 del 30/06/2003 (Codice di tutela della > > privacy). La lettura, copia o altro uso non autorizzato o qualsiasi > > altra azione derivante dalla conoscenza di queste informazioni sono > > rigorosamente vietate. Qualora abbiate ricevuto questo documento > > per errore siete cortesemente pregati di darne immediata > > comunicazione al mittente e di provvedere, immediatamente, alla sua > > distruzione. > > > > -------------------------------------------------------- > > _______________________________________________ > > List mailing list > > List@lists.pfsense.org > > http://lists.pfsense.org/mailman/listinfo/list > > > > > _______________________________________________ List mailing list List@lists.pfsense.org http://lists.pfsense.org/mailman/listinfo/list
