Netgate Discussion Forum
    One Way Traffic on Site-to-Site IPSEC (Both pfSense Endpoints)

    4 Posts 3 Posters 6.9k Views
    davehouston

      Hi.

      I have 2 pfSense boxes (4 really, but using CARP!!  ;D) with a site-to-site IPsec tunnel. Followed the tutorial here:
      http://mirror.qubenet.net/mirror/pfsense/tutorials/mobile_ipsec/

      Twice, no less… but traffic will only flow from the VPN client to the server, not vice versa.

      Can anybody lend a hand?

      Thanks

      Dave

        maelstrom

        What's the gateway on the server? If you are using a second gateway as its primary, then you might need to add a static route pointing to the VPN for the other network.

        Or

        Try adding a route (I am going to assume this is Windows):

        route add <network> mask <netmask> <vpn gateway>, e.g. route add 10.10.10.0 mask 255.255.255.0 <vpn gateway>

        See if that gets you the ping response.

          jimp (Rebel Alliance Developer, Netgate)

          Not that it's necessarily related, but if it's site-to-site then why are you using a mobile tunnel? Is one side on a dynamic IP?

          Typically, if traffic only flows in one direction there are two culprits:
          #1: As maelstrom said, make sure the gateways on both sites are set to their respective pfSense routers (probably the CARP address, to be specific).

          #2: The IPSec firewall rules may not be set properly on one side. (Firewall > Rules, IPSec tab)

          It might help to know what you mean by "traffic only flows one way": does the client actually get a reply from the server?
          If you can ping from Client -> Server and get a reply from Server -> Client, but initiating the connection the other way (Server -> Client) does not work, then my #1 suspect would be firewall rules.

          If, however, you ping from Client -> Server, and you see the ping get there, but the reply doesn't make it back to the Client PC, then that would suggest a gateway issue.

            davehouston
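A worked version of the test jimp describes (does the ping reach the server, and does the reply come back?), added here as an example; it is not part of the original thread and not pfSense code. It parses constructed output from `tcpdump -ni enc0 icmp` (decrypted IPsec traffic) and `tcpdump -ni <LAN interface> icmp`, both taken on the server-side pfSense, and maps each pattern to one of the two culprits. The addresses, interface names and capture lines are assumptions.

```python
import re

# Pattern for the ICMP echo lines that "tcpdump -ni <if> icmp" prints, e.g.
#   12:00:01.000000 IP 192.168.1.10 > 10.10.10.20: ICMP echo request, id 1, seq 1, length 64
ICMP_RE = re.compile(
    r"IP (?P<src>\d+\.\d+\.\d+\.\d+) > (?P<dst>\d+\.\d+\.\d+\.\d+): "
    r"ICMP echo (?P<kind>request|reply)"
)


def parse_icmp(lines):
    """Return the set of (src, dst, kind) tuples present in tcpdump output."""
    seen = set()
    for line in lines:
        m = ICMP_RE.search(line)
        if m:
            seen.add((m["src"], m["dst"], m["kind"]))
    return seen


def diagnose(client_ip, server_ip, enc0_lines, lan_lines):
    """Classify a client -> server ping from two captures on the server-side pfSense:
    enc0 (decrypted IPsec) and the LAN interface facing the server.
    Returns (code, advice)."""
    enc0 = parse_icmp(enc0_lines)
    lan = parse_icmp(lan_lines)
    request = (client_ip, server_ip, "request")
    reply = (server_ip, client_ip, "reply")

    if request not in enc0:
        # Nothing arrived over the tunnel: the problem is upstream of this box.
        return "remote", "echo request never arrived on enc0; look at the client side / tunnel first"
    if reply in enc0:
        return "ok", "request and reply both traversed the tunnel; client -> server works"
    if request not in lan:
        # Arrived on enc0 but never forwarded to the LAN: pf dropped it (jimp's #2).
        return "firewall", "request seen on enc0 but not on LAN; check Firewall > Rules, IPsec tab on this side"
    if reply not in lan:
        # Server received the request but its reply never came back through pfSense,
        # so it left via some other gateway (jimp's #1).
        return "gateway", ("server's reply never came back through pfSense; point its default gateway "
                           "(or a static route for the client subnet) at the pfSense CARP address")
    # Reply reached pfSense but was not sent back into the tunnel.
    return "return-path", "reply seen on LAN but not on enc0; check this side's phase 2 networks / routing"


# Constructed captures (assumed addresses, not from the original post).
CLIENT, SERVER = "192.168.1.10", "10.10.10.20"


def tline(src, dst, kind, seq=1):
    return f"12:00:0{seq}.000000 IP {src} > {dst}: ICMP echo {kind}, id 1, seq {seq}, length 64"


REQ, REP = tline(CLIENT, SERVER, "request"), tline(SERVER, CLIENT, "reply")

SCENARIOS = {
    "ok":          {"enc0": [REQ, REP], "lan": [REQ, REP]},
    "firewall":    {"enc0": [REQ],      "lan": []},
    "gateway":     {"enc0": [REQ],      "lan": [REQ]},
    "return-path": {"enc0": [REQ],      "lan": [REQ, REP]},
    "remote":      {"enc0": [],         "lan": []},
}


def run_scenarios():
    """Diagnose every constructed scenario; returns {scenario: code}."""
    return {name: diagnose(CLIENT, SERVER, c["enc0"], c["lan"])[0] for name, c in SCENARIOS.items()}


if __name__ == "__main__":
    for name, cap in SCENARIOS.items():
        code, advice = diagnose(CLIENT, SERVER, cap["enc0"], cap["lan"])
        print(f"{name:12s} -> {code}: {advice}")
```

In practice you run the two tcpdumps on the pfSense box while pinging from the client and feed the saved output to `diagnose`; the same logic applies to the client-side pfSense when the ping is initiated from the server.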

            Thanks for the suggestions. I'll give them both a go when the users leave for the night and post back.

            Thanks again.

            Dave
