Thursday, October 31, 2019

Crazy routing help

Hey Guys,

I have a business network with an OpenVPN tunnel set up so I can remotely administer my clients.

The OpenVPN tunnel works fine and I can see all subnets inside a client network. My client has three subnets:

VLAN 10: 192.168.255.0/24

VLAN 20: 192.168.254.0/24

VLAN 30: 192.168.253.0/24

My pfSense box acts as a VPN appliance and an NTP server. As I said, the VPN part works great.

I added three static routes in my pfSense and one static route on the switch, and I can see everything.

The config on my Dell switch is that mostly everything is in VLAN 10 on untagged/non-trunked ports.

VLAN 20 has a few untagged ports, and VLAN 30 has a single file server attached via an untagged port.

Now my problem is that I can’t ping the NTP server from my file server. I can ping the gateway of 192.168.253.254 (VLAN 30) from my file server. I can even ping 192.168.255.254 and the other VLANs located on the switch from the file server. But the file server cannot ping the pfSense NTP server (192.168.255.1).

It seems I can ping the file server from pfSense but not the other way around.

How do I allow a response from pfSense through the switch back down to the file server?

Remember the file server is on VLAN 30 while the pfSense box is on VLAN 10 (everything untagged). Normally the switch would just route this over. But I think that since I have a static route in my pfSense box routing 192.168.253.0/25 via 192.168.255.254, it can’t go back down.

Remember I need the static route 192.168.253.0/25 via 192.168.255.254 (or another form of it) in order for my OpenVPN to work.

I’ve tried changing the gateway address on the pfSense static route to 192.168.253.254, and while I can ping the VLAN 30 gateway from pfSense, I still have to check a box that says I’m routing outside an interface subnet. So it works for my VPN tunnel but not from the file server to pfSense.

I’m thinking about doing VLANs on the pfSense interface and turning port 41 on the switch into a tagged/trunked port.

Someone also said I can create virtual interfaces with different IPs on the pfSense LAN port. Maybe that would help. Ugh, frustrated. With daylight saving time coming up I need this NTP server functioning!

Any guidance or suggestions would be appreciated. And I’ve spent months researching on Google, so no, that’s not a very helpful response.
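Added example, not part of the original post: a small Python model of the forward and return paths in the network described above. It does longest-prefix matching over each node's routing table and walks a packet hop by hop, using the addresses given in the post. The file server's host address (192.168.253.10), a second VLAN 30 host (192.168.253.200), the WAN next hop (203.0.113.1), the switch's single static route being a default toward pfSense, and the third pfSense static route covering VLAN 20 are all assumptions made so the model is complete; the 192.168.253.0/25 route is reproduced exactly as the post writes it, which is what makes the second trace interesting: a /25 only covers 192.168.253.0 to 192.168.253.127, so replies to any VLAN 30 host above .127 fall through to the default route.

```python
"""Model the forward and return path through the three-VLAN network in the post.

Addresses are taken from the post where it gives them; everything marked
'constructed' or 'assumed' is filled in here so the model runs stand-alone.
"""
import ipaddress

PFSENSE_LAN = "192.168.255.1"                 # from the post
SWITCH_V10 = "192.168.255.254"                # from the post (VLAN 10 SVI)
SWITCH_V20 = "192.168.254.254"                # from the post (VLAN 20 SVI)
SWITCH_V30 = "192.168.253.254"                # from the post (VLAN 30 SVI)
FILE_SERVER = "192.168.253.10"                # constructed: a VLAN 30 host in the lower half
UPPER_HOST = "192.168.253.200"                # constructed: a VLAN 30 host in the upper half
WAN_GATEWAY = "203.0.113.1"                   # constructed: pfSense's upstream (TEST-NET-3)


def route(net, via=None):
    """One routing-table entry: (prefix, next hop); next hop None means directly connected."""
    return (ipaddress.ip_network(net), ipaddress.ip_address(via) if via else None)


# Each node owns a set of addresses and has a routing table.
NODES = {
    "pfsense": {
        "addrs": {PFSENSE_LAN},
        "routes": [
            route("192.168.255.0/24"),              # LAN, directly connected
            route("192.168.253.0/25", SWITCH_V10),  # static route exactly as written in the post
            route("192.168.254.0/24", SWITCH_V10),  # assumed: companion route for VLAN 20
            route("0.0.0.0/0", WAN_GATEWAY),        # default via WAN
        ],
    },
    "switch": {
        "addrs": {SWITCH_V10, SWITCH_V20, SWITCH_V30},
        "routes": [
            route("192.168.255.0/24"),
            route("192.168.254.0/24"),
            route("192.168.253.0/24"),
            route("0.0.0.0/0", PFSENSE_LAN),        # assumed: the switch's one static route
        ],
    },
    "fileserver": {
        "addrs": {FILE_SERVER},
        "routes": [route("192.168.253.0/24"), route("0.0.0.0/0", SWITCH_V30)],
    },
    "vlan30_upper": {
        "addrs": {UPPER_HOST},
        "routes": [route("192.168.253.0/24"), route("0.0.0.0/0", SWITCH_V30)],
    },
    "wan": {"addrs": {WAN_GATEWAY}, "routes": []},  # sink: packets sent here never come back
}


def longest_match(node, dst):
    """Return the most specific matching (prefix, next hop) on `node`, or None."""
    dst = ipaddress.ip_address(dst)
    candidates = [(net, via) for net, via in NODES[node]["routes"] if dst in net]
    return max(candidates, key=lambda r: r[0].prefixlen) if candidates else None


def owner(addr):
    """Name of the node that owns `addr`, or None if it is not modelled."""
    addr = str(addr)
    return next((name for name, n in NODES.items() if addr in n["addrs"]), None)


def trace(src_node, dst):
    """Hop-by-hop list of nodes a packet from `src_node` visits on its way to `dst`.

    The list ends at the owner of `dst`, or at the last node that could still
    forward the packet (a short path therefore means the packet was lost).
    """
    path, cur = [src_node], src_node
    for _ in range(8):                          # bound the walk in case of a routing loop
        if owner(dst) == cur:
            return path
        match = longest_match(cur, dst)
        if match is None:
            return path
        net, via = match
        nxt = owner(via) if via else owner(dst)  # connected prefix: deliver directly
        if nxt is None:
            return path
        path.append(nxt)
        cur = nxt
    return path


def round_trip(a_node, a_addr, b_node, b_addr):
    """Forward path a->b, reverse path b->a, and whether both were delivered."""
    fwd, rev = trace(a_node, b_addr), trace(b_node, a_addr)
    return fwd, rev, fwd[-1] == b_node and rev[-1] == a_node


if __name__ == "__main__":
    for host_node, host_addr in (("fileserver", FILE_SERVER), ("vlan30_upper", UPPER_HOST)):
        fwd, rev, ok = round_trip(host_node, host_addr, "pfsense", PFSENSE_LAN)
        print(f"{host_addr} -> pfSense: {' -> '.join(fwd)}")
        print(f"pfSense -> {host_addr}: {' -> '.join(rev)}   delivered={ok}")
```

The model only covers forwarding decisions: it says nothing about pfSense's firewall rules or state table, which a packet capture on the pfSense LAN interface would be needed to rule in or out. For a host in the lower half of VLAN 30 the routing is symmetric (file server, switch, pfSense and back the same way); for a host in the upper half the reply leaves via the default route, so a /24 in the static route, or the gateway change the post describes, is what keeps that return path on the switch.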
