0

Below is my current addressing plan and related cabling, which works partially. On top of this picture, I have in mind to offer an OpenVPN connection NATed to the OPT subnet (but this is for later, because the first step does not work).

internet---GW---192.168.4.0---PFsense/lan---192.168.5.0---router---192.169.1.0
                             |
                             -PFsense/opt---192.168.6.0

The picture is more detailed:

https://i.stack.imgur.com/Y0ma4.png

The traffic between the internet and the 192.168.1.1 subnet works perfectly.

The traffic between the 192.168.6.0 subnet and the 192.168.1.1 subnet does not work.

I have looked at many answers in the forum and tested a lot of the proposed solutions and I was stuck until ... I rebooted my pfsense appliance.

Thank you @Colt for your sharpness and your suggestions

@Tommiie I thank you for the very valuable debugging guidance

In case you are interested in the firewall rules and the router settings, feel free to ask me. I spent so many hours on this and I am happy to share the screenshots of the settings.

Following the good suggestion of @Colt (see the comments), I am not removing the faulty picture; by "faulty" I mean the set-up that does work!

Instead, I am adding a picture of the working set-up.

In all cases, be sure to reset the FW states before testing a new FW configuration.

Hoping it helps!


Regpa
  • Please share (by updating your question) the relevant configurations on the pfSense and the router as well as the troubleshooting commands and their output used. What comes to mind: routing tables, firewall rules, traceroute output. – Tommiie Mar 06 '19 at 13:36
  • I suspect you are NATing between your subnet, but you should not IMO – yagmoth555 Mar 07 '19 at 15:41

1 Answer

0

You are putting the firewall rules on the wrong interfaces. Use the same rules, but just switch them: In LAN rules, pass any LANnet to OPTnet, and in OPT rules, pass any OPTnet to LANnet.

Colt
  • Indeed @Colt, you are fully right. In fact my picture is wrong. The rules you mentioned were indeed those I put, but stupidly I missed resetting either the states or the appliance. I am sorry to generate traffic because of this. And I will correct the picture. Now I am trying to route the OpenVPN traffic to the OPT subnet. – Regpa Mar 07 '19 at 21:45
  • You should probably leave the picture alone so that this Q/A is helpful and not confusing to others that may have a similar issue – Colt Mar 08 '19 at 02:02
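
The two points from this thread (rules are matched on the interface where a packet enters, and existing states outlive a ruleset change until they are reset) can be seen in a simplified model. This is an added example, not pfSense code and not part of the original posts; the /24 masks, host addresses and class names are assumptions.

```python
import ipaddress

# Subnets from the question; the /24 prefix length is an assumption.
LAN_NET = ipaddress.ip_network("192.168.5.0/24")
OPT_NET = ipaddress.ip_network("192.168.6.0/24")

class Firewall:
    """Toy stateful filter: rules are checked on the interface a packet enters."""
    def __init__(self, rules):
        self.rules = rules    # {ingress interface: [(src_net, dst_net), ...]}
        self.states = set()   # established flows as (src, dst) pairs

    def load_rules(self, rules):
        self.rules = rules    # a reload replaces the rules; states persist

    def reset_states(self):
        self.states.clear()

    def handle(self, iface, src, dst):
        s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
        if (s, d) in self.states or (d, s) in self.states:
            return "pass (state)"      # an existing state wins over the ruleset
        for src_net, dst_net in self.rules.get(iface, []):
            if s in src_net and d in dst_net:
                self.states.add((s, d))
                return "pass (rule)"
        return "block"                 # default deny

# Rules on the wrong interfaces versus the placement given in the answer.
SWAPPED = {"LAN": [(OPT_NET, LAN_NET)], "OPT": [(LAN_NET, OPT_NET)]}
CORRECT = {"LAN": [(LAN_NET, OPT_NET)], "OPT": [(OPT_NET, LAN_NET)]}
ALLOW_NONE = {"LAN": [], "OPT": []}

def demo():
    """Constructed hosts: 192.168.6.10 on OPT, 192.168.5.10 on LAN."""
    out = []
    fw = Firewall(SWAPPED)
    out.append(fw.handle("OPT", "192.168.6.10", "192.168.5.10"))  # no match on OPT
    fw.load_rules(CORRECT)
    out.append(fw.handle("OPT", "192.168.6.10", "192.168.5.10"))  # creates a state
    out.append(fw.handle("LAN", "192.168.5.10", "192.168.6.10"))  # reply uses state
    fw.load_rules(ALLOW_NONE)
    out.append(fw.handle("OPT", "192.168.6.10", "192.168.5.10"))  # stale state
    fw.reset_states()
    out.append(fw.handle("OPT", "192.168.6.10", "192.168.5.10"))  # new rules apply
    return out

if __name__ == "__main__":
    print(demo())
```

The fourth result is the reason to reset states before testing: the flow still passes even though no rule allows it any more, so the test reflects the old configuration rather than the new one.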