PfSense instances communicating with each other when IPsec tunnel is in place

cro

Greetings,

I have "2.4.0-BETA (amd64) built on Sat Aug 12 09:57:36 CDT 2017" installed on 3 pfSense boxes that are connected to each other with IPsec tunnels.  I am having trouble communicating directly between the boxes, but not between the LAN side for the internal networks on the inside of the firewalls.  I have followed the instructions here:

https://doc.pfsense.org/index.php/Why_can't_I_query_SNMP,_use_syslog,_NTP,_or_other_services_initiated_by_the_firewall_itself_over_IPsec_VPN

but with those changes in place when I try to ping from one LAN to another I get

PING 10.0.171.1 (10.0.171.1): 56 data bytes
36 bytes from pfsense.home.ncbt.org (172.23.23.1): Redirect Host(New addr: 172.23.23.1)
Vr HL TOS  Len  ID Flg  off TTL Pro  cks      Src      Dst
4  5  00 0054 2017  0 0000  40  01 e207 172.23.23.114  10.0.171.1

and pinging one router from another doesn't work at all.

What's the recommended method in 2.4 and following for connecting two LANs with IPsec but still allowing the pfSense boxes to talk to each other?

jimp

The ICMP redirect is normal when you have the extra gateway defined like that doc describes. That same setup works fine on 2.4 here.

How are you pinging from one firewall to another?