When I delete the route everything works fine, but the /25 is handled as a 
private network:

 traceroute -i igb1 web.de
traceroute: Warning: web.de has multiple addresses; using 82.165.229.138
traceroute to web.de (82.165.229.138), 64 hops max, 40 byte packets
 1  lee.de (212.168.31.129)  0.442 ms  0.366 ms  0.324 ms
 2  r1ffm.de.vianw.net (212.168.1.221)  4.573 ms  4.814 ms  4.766 ms
 3  xe-5-3-2-0.fra-006-score-1-re0.interoute.net (89.202.134.177)  7.794 ms  5.978 ms  10.017 ms



> On 10.05.2016 at 22:12, Daniel Eschner <dan...@linux-nerd.de> wrote:
> 
> Let me try to explain it completely ;)
> 
> I configured something like that in my first router.
> I think CARP etc. is not the problem here:
> 
> 
> WAN (wan)       -> igb0       -> v4: 212.168.31.131/29
> FCSE_PUB (lan)  -> igb1       -> v4: 212.168.31.2/25
> HA_SYNC (opt1)  -> igb3       -> v4: 10.0.0.1/24
> 
> The /29 network is just a transfer net for the /25 subnet.
> So I have to route the /25 through the /29. In my case it should be the .130 
> (CARP IP)
> 
> I configured the OpenVPN server to listen on one IP from the /25 network (.1 CARP 
> IP)
> VPN clients get an IP from the 10.0.1.0/24 network - that should be fine anyway.
> 
> Connection etc. is working, but when I make connections through the VPN I will 
> always see the IP from the WAN interface, but the /25 are public IPs so I want to 
> have the (.1 CARP IP) shown on remote servers like google.com and so on.
> In Linux I can just set up the next hop like:
> 
> ip r a 212.168.31.2/25 via 212.168.31.130 dev igb0
> 
> When I set the route with route add 212.168.31.0/25 212.168.31.130
> I am not able to reach anything.
> 
> NAT is not needed, I think, because we use public IPs. So that's the reason why 
> I am confused.
> 
> traceroute -i igb1 web.de
> traceroute: Warning: web.de has multiple addresses; using 82.165.229.138
> traceroute to web.de (82.165.229.138), 64 hops max, 40 byte packets
> 1  * * *
> 2  * * *
> 
> 
> On the router side from my ISP all traffic to the /25 is routed to the .130 
> on my site.
> 
> 
> 
>> On 10.05.2016 at 21:57, Steve Yates <st...@teamits.com> wrote:
>> 
>> I'm a bit confused whether the /25 is your LAN subnet or another interface.  
>> The OpenVPN tunnel network has to be a subnet that is on no other interfaces 
>> including the remote PC's LAN.  For example we have our data center using a 
>> /29 for WAN, a /25 for LAN, 10.20.1.0/24 for PFSYNC, and 192.168.199.0/24 
>> for OpenVPN.  192.168.199.0/24 is just used to route packets from the remote 
>> PC to behind the router.
>> 
>> You wrote "/130" for the CARP WAN alias...I'm assuming that's a typo and 
>> should be "/29" like the others.
>> 
>> --
>> 
>> Steve Yates
>> ITS, Inc.
>> 
>> -----Original Message-----
>> From: List [mailto:list-boun...@lists.pfsense.org] On Behalf Of Daniel 
>> Eschner
>> Sent: Tuesday, May 10, 2016 2:32 PM
>> To: list@lists.pfsense.org
>> Subject: [pfSense] Routing Issue
>> 
>> Hi there,
>> 
>> I am trying to configure 2 pfSense firewalls in the following setup:
>> 
>> My ISP gave me a /29 as a transfer network. I set up the IPs as follows:
>> 
>> x.x.x.131/29 PF1
>> x.x.x.132/29 PF2
>> x.x.x.130/130 CARP Interface (Redundant)
>> 
>> After that I added x.x.x.2/25 to another interface and also created a 
>> CARP interface with IP 1 (default gateway for clients)
>> 
>> Now I want to route the /25 through the .130 IP, for example so that OpenVPN 
>> has the IP from the /25 network.
>> When I establish a VPN connection it always shows me the IP .131
>> 
>> Can it be changed, for example by changing Outbound NAT or so, so that the .1 is shown 
>> in the interface?
>> All IPs are public IPs
>> 
>> Hope you understand what I mean ;)
>> 
>> Cheers
>> 
>> Daniel
>> _______________________________________________
>> pfSense mailing list
>> https://lists.pfsense.org/mailman/listinfo/list
>> Support the project with Gold! https://pfsense.org/gold