IPSEC does not route traffic coming from other IPs (not the local subnet, but a subnet connected to the local one through a router)
-
Hi,
I am new to pfSense and IPSEC, and I have now been stuck for a few days trying to configure everything I need.
I have the following config:
my local net: 10.10.0.x with gw 10.10.0.254 (used for internet connection)
On the gw I also have an OpenVPN server, and clients have IPs in 10.8.0.x with the gw for them on 10.8.0.1.
I installed pfSense for IPSEC, and in the future I want to slowly move all services from the old router (ClearOS) to pfSense.
So I have pfsense on 10.10.0.200 and remote net is 10.30.0.x.
All routing between 10.10.0 and 10.30.0 is working OK.
The same from 10.8 to 10.10.
But when I try to ping from a 10.8 IP to an IPSEC IP, pfSense receives the ICMP packet on the xn0 interface but does not pass it to enc0. I receive "TTL expired in transit".
If I ping from a 10.30.0 IP to 10.8.0.1, the packet goes to the destination, and when it returns it gets stuck in the same place, on the xn0 interface of pfSense.
As I said, ping from 10.8 to 10.10.0.200 is OK. Also, ping from 10.30 to 10.0.0.254 is OK.
I do not understand why pfSense does not want to route a packet to 10.30 coming from 10.8.
Any advice is welcome.
Thanks
-
Hi,
You may try to reboot the pfSense; the routing table is sometimes a little bit weird.