IPsec tunnel established but hosts cannot ping each other
-
@xAgamemnon Yes, I know there is a mismatch in the Phase 2 remote network. I changed it to 192.168.138.0, but it still doesn't work.
-
@xAgamemnon
I didn't mean a screenshot of the logs but the actual IPsec logs; you can grab them from the console or over SSH.
Secondly, I don't see any firewall rules. There should be a firewall rule on the IPsec interface, I believe. What do the firewall logs show? Any drops? -
I changed once again to the options shown below:
Now I can ping the WAN and the gateway, but the hosts cannot see each other:
-
@michmoor Here are the logs:
Logs IPSEC Site A.txt
Log IPSEC site B.txt
Here are the rules on IPSEC:
-
@xAgamemnon
Do both hosts use the pfSense in their LAN as the default gateway? Do the hosts themselves allow access from outside their local network?
Maybe disable their firewalls and reboot them then. -
@viragomann Yes, both hosts use pfSense as the default gateway, and everything is allowed in the firewall, as I showed above.
-
@xAgamemnon
I was talking about the firewalls on the hosts behind pfSense. -
@viragomann That's what I've figured out: after disabling the Microsoft Defender firewall I can ping between sites without any problem. Now I just need to add a rule so that this network traffic is allowed. Thanks a lot for the help; I don't know why I haven't come across this before.
-
@xAgamemnon
The Windows firewall allows basic access like pings from within the local subnet by default, but not from outside.
So access normally works as long as it doesn't pass through a router. -
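The fix that closes the thread above (a host firewall rule for the peer site's LAN rather than a disabled firewall), written out as an added example. This is not a script from the thread or from any of its participants. It assumes the far-side LAN is 192.168.138.0/24 (the Phase 2 remote network mentioned earlier in the thread; change it to your own) and that it is run in an elevated PowerShell on the Windows host that should answer pings; the rule name is made up for the example.

```powershell
# Added example, not from the original thread: allow ICMPv4 echo requests from the
# LAN on the far side of the IPsec tunnel instead of switching the firewall off.
# Assumptions:
#   - remote site LAN behind the tunnel is 192.168.138.0/24 (from the thread's Phase 2 setting)
#   - run as Administrator on the Windows host that should reply to pings
#   - NetSecurity module present (Windows 8 / Server 2012 and later)

#Requires -RunAsAdministrator

$RemoteSiteSubnet = '192.168.138.0/24'                      # assumption: peer LAN
$RuleName         = 'IPsec peer LAN - ICMPv4 Echo Request In' # hypothetical rule name

# 1. Show why pings from the other site are dropped: the built-in echo-request rules
#    are scoped to the local subnet, so a request that came through a router does
#    not match any of them.
Get-NetFirewallRule -DisplayName '*Echo Request - ICMPv4-In*' |
    ForEach-Object {
        $addr = $_ | Get-NetFirewallAddressFilter
        [pscustomobject]@{
            Rule          = $_.DisplayName
            Profile       = $_.Profile
            Enabled       = $_.Enabled
            RemoteAddress = ($addr.RemoteAddress -join ',')
        }
    } | Format-Table -AutoSize

# 2. Add a narrowly scoped rule for the peer subnet only (ICMP type 8 = echo request).
#    -Profile Any covers Domain/Private/Public in case the adapter is classified
#    differently on each host; the RemoteAddress scope is what keeps it tight.
if (-not (Get-NetFirewallRule -DisplayName $RuleName -ErrorAction SilentlyContinue)) {
    New-NetFirewallRule -DisplayName $RuleName `
        -Description 'Allow ping from the LAN on the far side of the IPsec tunnel' `
        -Direction Inbound -Protocol ICMPv4 -IcmpType 8 `
        -RemoteAddress $RemoteSiteSubnet -Profile Any -Action Allow | Out-Null
    Write-Host "Created rule '$RuleName' for $RemoteSiteSubnet"
} else {
    Write-Host "Rule '$RuleName' already exists"
}

# 3. Verify the scope as the firewall actually stores it.
Get-NetFirewallRule -DisplayName $RuleName |
    Get-NetFirewallAddressFilter |
    Select-Object LocalAddress, RemoteAddress
```

The same scoping applies to anything else you expect to reach across the tunnel (SMB, RDP, and so on): check the rule's RemoteAddress with Get-NetFirewallAddressFilter before assuming the tunnel or pfSense is at fault. Scoping the new rule to the peer subnet, rather than to Any, keeps the host from answering pings from arbitrary routed sources.
-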
@xAgamemnon
I have the same problem. I set up two pfSenses, one at the head office and one at the branch, but I can only ping the pfSense on the other side and nothing else!
Within the same network, ping works normally, but from both the head office and the branch I cannot ping any machine other than the pfSense on the other side. In the firewall settings everything is allowed between the tunnels...
Does anyone have any idea?
-
@fcostars Solved!
I was cloning the IPsec configuration so as not to type everything again, and that way the firewall gets lost! Here's the tip: never clone a rule; write it out again instead!