----- "Curtis Maurand" <[email protected]> wrote:
> I have a public IP on em1
> I have a private IP on em2 (10.0.1.10/24)
> I have a private IP on OPT1 (10.201.17.1/28)
>
> Normally I would have the OPT interface in a DMZ, but constraints aren't
> allowing me to do that, so the OPT1 interface is also plugged in on the local
> LAN as well.
>
> I've assigned a secondary address on a Linux machine on the same subnet as
> OPT1 (10.201.17.3/28). The primary address on the Linux machine is
> 10.0.1.210/24.
>
> I have a VPN set up via the WAN interface to the subnet on the OPT1 interface.
>
> The tunnel comes up perfectly.
>
> The Linux machine can ping the primary interface on the pfSense machine.
> The Linux machine can ping a host on the other end of the tunnel reliably.
> The Linux machine can ping the OPT1 interface, but it is not reliable. Huge
> packet loss numbers.
> I can ping the host on the other end of the tunnel via the OPT1 interface.
>
> I've tried all sorts of different rules, but I'm allowing any traffic and
> protocol from the OPT1 subnet to the OPT1 interface and vice versa. I've
> allowed all traffic from anywhere and to anywhere on the OPT1 interface.
> I'm at my wits' end. I need two different subnets on my LAN and I need to
> tunnel one of them.
>
> How do I make this happen?
>
> Curtis
OOOO... and what happens if you run a packet capture on the pfSense box? I've found this feature to be absolutely invaluable in these situations... Capture traffic that is source/destination your IPs on the Linux box... run your tests... then import into Wireshark for analysis.

--Tim
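As an added example (not from either message), a small Python parser for the text output of `tcpdump -n icmp` run on the pfSense box, fed constructed sample lines modelled on Curtis's ping test from 10.201.17.3 to 10.201.17.1; it pairs echo requests with replies so the unanswered sequence numbers stand out before the pcap goes to Wireshark. The sample lines, the function names and the ICMP id are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample of `tcpdump -n -i em2 icmp` text output on the pfSense box.
# It is not a real capture; seq 2 and seq 4 deliberately get no reply.
SAMPLE_CAPTURE = """\
12:00:00.000100 IP 10.201.17.3 > 10.201.17.1: ICMP echo request, id 1234, seq 1, length 64
12:00:00.000300 IP 10.201.17.1 > 10.201.17.3: ICMP echo reply, id 1234, seq 1, length 64
12:00:01.000100 IP 10.201.17.3 > 10.201.17.1: ICMP echo request, id 1234, seq 2, length 64
12:00:02.000100 IP 10.201.17.3 > 10.201.17.1: ICMP echo request, id 1234, seq 3, length 64
12:00:02.000300 IP 10.201.17.1 > 10.201.17.3: ICMP echo reply, id 1234, seq 3, length 64
12:00:03.000100 IP 10.201.17.3 > 10.201.17.1: ICMP echo request, id 1234, seq 4, length 64
"""

# Matches the one-line ICMP echo summary tcpdump prints with -n (no name resolution).
LINE_RE = re.compile(
    r"^(?P<ts>\S+) IP (?P<src>[\d.]+) > (?P<dst>[\d.]+): "
    r"ICMP echo (?P<kind>request|reply), id (?P<id>\d+), seq (?P<seq>\d+)"
)


def parse_icmp_lines(text):
    """Yield one dict per echo request/reply line; any other line is skipped."""
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            rec = m.groupdict()
            rec["id"] = int(rec["id"])
            rec["seq"] = int(rec["seq"])
            yield rec


def echo_loss_by_pair(text):
    """Return {(requester, target, icmp_id): (sent, answered, unanswered_seqs)}.

    Requests that show up in the capture but never get a reply point at the reply
    path on the firewall side; requests missing from the capture never reached
    the interface being captured on. Both cases look like 'packet loss' to ping.
    """
    sent = defaultdict(set)
    answered = defaultdict(set)
    for p in parse_icmp_lines(text):
        if p["kind"] == "request":
            sent[(p["src"], p["dst"], p["id"])].add(p["seq"])
        else:  # a reply travels target -> requester, so swap to the request's key
            answered[(p["dst"], p["src"], p["id"])].add(p["seq"])
    result = {}
    for key, seqs in sent.items():
        missing = sorted(seqs - answered.get(key, set()))
        result[key] = (len(seqs), len(seqs) - len(missing), missing)
    return result
```

Run the same analysis on a capture taken on em2 and on OPT1 separately; comparing which interface sees the requests and which sends the replies narrows down where the loss happens.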
