Home / server / Questions / 484874
In Process
dannymcc
Asked: 2013-03-06 07:10:07 +0800 CST

Routing between two routers with static routes

  • 772

I have a Draytek 3200 router and a pfsense rackmount router that I am trying to get to route to each other.

I have a subnet on each router and a subnet for the link between, as shown here:

Network Map

As it stands at the moment I can ping from the Draytek 192.168.1.0/24 subnet to 10.2.1.2/24 successfully. I can ping from 10.2.1.1 to 10.2.1.2. I can't ping from the pfsense at all to the draytek's 192.168.1.0/24 subnet.

Ultimatly I am trying to be able to ping anything on the 192.168.1.0/24 subnet from any LAN on the pfsense.

Current pfsense Interfaces

Current Interfaces

Current pfsense Gateways

Current Gateways

Current pfsense Routes

Current Routes

I've allowed everything through on the firewall, as far as I can tell.

Draytek Subnet Configuration

Draytek Subnet Configuration

Draytek Static Routes

Draytek Static Routes

I'm certain I'm missing something and it's probably obvious, but I can't for the life of me get this working.

Draytek Routing Table

Key: C - connected, S - static, R - RIP, * - default, ~ - private
*            0.0.0.0/ 0.0.0.0          via 81.142.64.1       WAN1
S           10.1.1.0/ 255.255.255.0    via 10.2.1.2          LAN1
C           10.2.1.0/ 255.255.255.0    directly connected    LAN4
*        81.142.64.1/ 255.255.255.255  via 81.148.64.1       WAN1
C~       192.168.1.0/ 255.255.255.0    directly connected    LAN1
S~       192.168.2.0/ 255.255.255.0    via 86.143.86.52     VPN-3
S~       192.168.3.0/ 255.255.255.0    via 146.255.106.220  VPN-1
S~       192.168.4.0/ 255.255.255.0    via 146.225.121.125  VPN-5
S~       192.168.5.0/ 255.255.255.0    via 217.42.42.188    VPN-4
S~       192.168.6.0/ 255.255.255.0    via 86.22.102.129     LAN3
C       192.168.20.0/ 255.255.255.0    directly connected    DMZ 
S      217.32.42.177/ 255.255.255.255  via 217.32.42.177     WAN1
C      217.32.47.176/ 255.255.255.240  directly connected    LAN1

I wasn't sure if it's relevant but the two routers are not directly connected via a patch cable as the Draytek only has one true LAN port. The LAN 4 on the Draytek is tagged, passed to a switch which is set to untagged on the port the pfsense is connected to.

enter image description here

PFSense Firewall Log

Firewall Logs
ACT IF    Source       Destination     Prot
X   LAN2  10.2.1.2:80  10.2.1.1:3439   TCP:FA
X   LAN2  10.2.1.2:80  10.2.1.1:39437  TCP:FA
X   LAN2  10.2.1.2:80  10.2.1.1:39441  TCP:FA
X   LAN2  10.2.1.2:80  10.2.1.1:39445  TCP:FA

Core Switch VLAN Config

enter image description here

routing

2 Answers

  1. Hmm, since the two subnets are masked and cannot really communicate, I would do a NAT on both routers, then ping will work. So you have to NAT the networks.

    • 1

  2. What happens if you set your laptop up on the middle subnet with IP: 10.2.1.3/24 and set your gateway to the Draytek? Try to ping the Draytek (10.2.1.1) then try to ping the subnet behind the Draytek? If you have the same problem from the laptop you can focus on the draytek. Like wise you could try pinging the laptop from the pfsense and the pfsense subnet.

    I know that's not an answer but logical step to determine if the draytek is playing up/misconfigured or the pfsense is the issue.

    I seem to remember a similar issue with 2 Drayteks. I think I ended doing a workaround by setting up an IPSec VPN tunnel between the 2 which adds the static routes to each device based on the IPSec config page entries.

    • 0