OPNsense
  • Home
  • Help
  • Search
  • Login
  • Register

  • OPNsense Forum »
  • Archive »
  • 17.7 Legacy Series »
  • Time to live exceeded
« previous next »
  • Print
Pages: [1]

Author Topic: Time to live exceeded  (Read 5170 times)

cryptoparty

  • Newbie
  • *
  • Posts: 37
  • Karma: 0
    • View Profile
    • information security for u
Time to live exceeded
« on: August 29, 2017, 05:58:02 pm »

I got :

arm1 - Opnsense1 - gw - Opnsense2 - arm2

when i try ping from arm1 to arm2 i see messages about loss packets: Time to live exceeded
Logged
www.itsecforu.ru

cryptoparty

  • Newbie
  • *
  • Posts: 37
  • Karma: 0
    • View Profile
    • information security for u
Re: Time to live exceeded
« Reply #1 on: August 30, 2017, 11:01:58 am »
from arm2 i can ping Wan interface of Opnsense2 10.8.10.6/30, but cant ping 10.8.10.5/30 interface of gw.

Mb u know where should I check something?
Logged
www.itsecforu.ru

franco

  • Administrator
  • Hero Member
  • *****
  • Posts: 13679
  • Karma: 1176
    • View Profile
Re: Time to live exceeded
« Reply #2 on: August 30, 2017, 11:46:56 am »
Maybe you need to unblock private networks in your Interface: [WAN] configurations?


Cheers,
Franco
Logged

cryptoparty

  • Newbie
  • *
  • Posts: 37
  • Karma: 0
    • View Profile
    • information security for u
Re: Time to live exceeded
« Reply #3 on: August 30, 2017, 12:31:59 pm »
Unlocked privates and bogon networks and disabled all packet filtring
Logged
www.itsecforu.ru

cryptoparty

  • Newbie
  • *
  • Posts: 37
  • Karma: 0
    • View Profile
    • information security for u
Re: Time to live exceeded
« Reply #4 on: August 30, 2017, 01:24:08 pm »
Will it works, if I use opnsenses without Internet connection? I connect them through gw ( debian ):




and I use gw for WAN interfaces 192.168.2.150 and 10.8.10.5 ip-adresses respectively. Would it work correct ?



in file /etc/defaults/rc.conf :

gateway_enable = "NO"

Is it ok?
« Last Edit: August 30, 2017, 03:31:50 pm by cryptoparty »
Logged
www.itsecforu.ru

cryptoparty

  • Newbie
  • *
  • Posts: 37
  • Karma: 0
    • View Profile
    • information security for u
Re: Time to live exceeded
« Reply #5 on: August 31, 2017, 01:18:50 pm »
Now I fix it. :D Problem was with ip address ob debian.

But now i got other one :D

I can ping remote opnsense's wan interface but cant ping lan ? any ideas how to tune it?

Logged
www.itsecforu.ru

cryptoparty

  • Newbie
  • *
  • Posts: 37
  • Karma: 0
    • View Profile
    • information security for u
Re: Time to live exceeded
« Reply #6 on: September 04, 2017, 09:47:52 am »
Need  I surely make Firewall Rules Site A & Site B for using Ipsec , or I can disable all packet filtering?
Logged
www.itsecforu.ru

cryptoparty

  • Newbie
  • *
  • Posts: 37
  • Karma: 0
    • View Profile
    • information security for u
Re: Time to live exceeded
« Reply #7 on: September 04, 2017, 12:57:15 pm »
I mean: Do I need to make Firewall rules how u show it in tutorial or I can disable it and Ipsec will work?




« Last Edit: September 04, 2017, 04:40:17 pm by cryptoparty »
Logged
www.itsecforu.ru

  • Print
Pages: [1]
« previous next »
  • OPNsense Forum »
  • Archive »
  • 17.7 Legacy Series »
  • Time to live exceeded
 

OPNsense is an OSS project © Deciso B.V. 2015 - 2023 All rights reserved
  • SMF 2.0.19 | SMF © 2021, Simple Machines
    Privacy Policy
    | XHTML | RSS | WAP2