Static route troubles

Started by xkapr, September 07, 2020, 05:31:25 PM

September 07, 2020, 05:31:25 PM Last Edit: September 07, 2020, 05:37:56 PM by xkapr
Can anybody help me solve troubles with routes? I have a fresh installation of OPNsense 20.7.2-amd64 on a PC Engines APU4D4.

My configuration is quite simple. I just followed the web interface configuration wizard. For WAN I have configured the PPPoE username and password (ADSL). The LAN part is configured for 172.19.0.254/16.

Everything goes right until here. PPPoE dials a connection and receives IP, gateway and DNS. DHCP on the LAN side leases addresses to computers. Traffic to the internet from the computers is OK.

And now the troubles. We have an MS SQL server in the opposite building. The MSSQL server IP 172.18.0.3/16 is behind a router in that building, 172.19.0.1/16. The buildings are connected through WiFi.

So I have added two gateways on the OPNsense router: 172.19.0.245 and 172.19.0.1.

Then I added a route 172.18.0.0/16 through 172.19.0.1 in System/Routes/Configuration.

In the OPNsense firewall advanced configuration I have checked static route filtering (bypass firewall rules for traffic on the same interface).

Now I can ping 172.18.0.3 from the 172.19.0.0/16 subnet.

The problem is that when I run the application from 172.19.0.0/16, something goes wrong. The application has an ODBC connection to the MSSQL database 172.18.0.3. I can run the application, username and passwords are verified against the MSSQL, but the next operations throw an exception: Microsoft SQL Server: 10054 General network failure.

MSSQL
172.18.0.3/16

  <->

Gateway (Mikrotik)
WAN: ISP, LAN1: 172.18.0.1/16, LAN2: 172.19.0.1/16

  <->

Gateway OPNsense
WAN: PPPoE ISP, LAN: 172.19.0.254/16
Route to: 172.18.0.0/16 via 172.19.0.1

  <->

Computers
172.19.0.10-99
GW: 172.19.0.254


I tried it with different routers (not the APU4D4 with OPNsense): TP-Link, Mikrotik, same configuration, and everything works well.

I don't know what I'm missing, a firewall rule or something else. Any help will be appreciated.

Thank you.

September 07, 2020, 05:52:24 PM #1 Last Edit: September 07, 2020, 05:56:10 PM by Fright
Looks like state tracking.
If I understand your network right, SQL will reply to clients in the 172.19/16 network bypassing OPNsense
(SQL -> Mikrotik -> client).
Why don't you include a route to 172.18/16 in the clients' DHCP options and let them work with the 172.18/16 network without OPNsense?
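The route Fright suggests pushing to the clients is carried in the DHCP classless static route option (RFC 3442, option 121; Windows clients read the same encoding from Microsoft's option 249). The encoder and decoder below are an added example, not any poster's configuration, and they assume the addresses from the thread: 172.18.0.0/16 via the Mikrotik at 172.19.0.1, with 172.19.0.254 kept as the clients' default gateway.

```python
"""Encode/decode the DHCP classless static route option (RFC 3442, option 121).

Added example for the thread above, not part of any poster's setup.
Caveat from RFC 3442: a client that receives option 121 ignores the Router
option (3), so the default route must be included in the payload as well.
"""
import ipaddress


def encode_classless_routes(routes):
    """routes: iterable of (destination_network, gateway) strings.
    Each route is encoded as: prefix length, the significant destination
    octets (ceil(prefix/8) of them), then the 4-byte gateway."""
    payload = bytearray()
    for dest, gw in routes:
        net = ipaddress.IPv4Network(dest, strict=True)
        width = (net.prefixlen + 7) // 8
        payload.append(net.prefixlen)
        payload += net.network_address.packed[:width]
        payload += ipaddress.IPv4Address(gw).packed
    return bytes(payload)


def decode_classless_routes(payload):
    """Inverse of encode_classless_routes; rejects malformed input."""
    routes, i = [], 0
    while i < len(payload):
        plen = payload[i]
        if plen > 32:
            raise ValueError(f"invalid prefix length {plen}")
        width = (plen + 7) // 8
        dest = payload[i + 1:i + 1 + width] + b"\x00" * (4 - width)
        gw = payload[i + 1 + width:i + 5 + width]
        if len(gw) != 4:
            raise ValueError("truncated route descriptor")
        routes.append((f"{ipaddress.IPv4Address(dest)}/{plen}",
                       str(ipaddress.IPv4Address(gw))))
        i += 5 + width
    return routes


def dhcp_option(code, payload):
    """Wrap a payload as a DHCP TLV option: code, length, data."""
    if len(payload) > 255:
        raise ValueError("option payload too long")
    return bytes([code, len(payload)]) + payload


# Constructed from the thread: SQL subnet via the Mikrotik, default via OPNsense.
THREAD_ROUTES = [("172.18.0.0/16", "172.19.0.1"), ("0.0.0.0/0", "172.19.0.254")]

if __name__ == "__main__":
    payload = encode_classless_routes(THREAD_ROUTES)
    for code in (121, 249):  # RFC 3442 and the Microsoft variant
        print(f"option {code}: {dhcp_option(code, payload).hex()}")
```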