IPSec No traffic passed from LAN but traffic passed from router
-
I have an IPsec tunnel set up between my WAN IP -> WAN IP in pfSense. If I ping the remote WAN IP from the router I can pass traffic as expected; however, from the LAN I cannot pass any traffic to the far side WAN.
Current Config:
pfSense 2.0 Beta 5
Router WAN 173.x.x.x
Router LAN 192.168.50.0/24
Router IPsec Config
Remote Gateway 67.x.x.x
Local Subnet 173.x.x.x/28
Remote Subnet 206.x.x.x/24

Trying to do:
LAN PC (192.168.50.x) --> pfSense (192.168.50.1) --> IPsec (206.x.x.x) = No Traffic
pfSense (cmd ping -S 173.x.x.x 206.x.x.x) --> IPsec (206.x.x.x) = Traffic
pfSense (cmd ping -S 192.168.50.1 206.x.x.x) --> IPsec (206.x.x.x) = No Traffic

I am thinking I will need to add an additional NIC and a new pfSense box that is not NAT'ing, bring the connection up on that box, then add a rule on the NAT'ing box to point to that interface when I need to talk to the remote WAN, but I am not sure if that is the right way to go or if I can somehow do this inside this single config.
Any help would be awesome.
Thanks
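The behaviour in this post (traffic sourced from the WAN address enters the tunnel, traffic sourced from the LAN does not) is what an IPsec security policy database produces when the phase 2 local subnet is the WAN /28 rather than the LAN /24: a packet only enters the tunnel if its source falls inside a policy's local selector and its destination inside the remote selector; anything else is routed normally, which is why the LAN packets leave via WAN1. The following Python script is an added example, not code from the thread or from pfSense; it models that selector check with placeholder networks (173.0.0.0/28, 192.168.50.0/24 and 206.0.0.0/24 stand in for the masked addresses) and shows how a second phase 2 entry covering the LAN would make the LAN PC case match without a second firewall.

```python
import ipaddress

# Constructed phase-2 selectors mirroring the first post: the local side is the
# 173.x.x.x/28 WAN subnet, the remote side is 206.x.x.x/24. The post masks the
# real addresses, so these are placeholder networks, not the poster's values.
ORIGINAL_SELECTORS = [
    ("p2-wan-to-remote", ipaddress.ip_network("173.0.0.0/28"),
     ipaddress.ip_network("206.0.0.0/24")),
]

# The same tunnel with a second selector covering the LAN: the single-box
# alternative to adding another firewall (an assumption of this example).
FIXED_SELECTORS = ORIGINAL_SELECTORS + [
    ("p2-lan-to-remote", ipaddress.ip_network("192.168.50.0/24"),
     ipaddress.ip_network("206.0.0.0/24")),
]


def matching_policy(src, dst, selectors):
    """Return the name of the first selector whose local/remote pair covers the
    packet, or None when no policy applies and the packet is simply routed."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for name, local, remote in selectors:
        if s in local and d in remote:
            return name
    return None


def uncovered_sources(source_nets, remote, selectors):
    """List the source networks that need to reach `remote` but have no
    selector covering the whole network; traffic from them bypasses the tunnel."""
    remote = ipaddress.ip_network(remote)
    missing = []
    for net in map(ipaddress.ip_network, source_nets):
        covered = any(net.subnet_of(local) and remote.subnet_of(rem)
                      for _, local, rem in selectors)
        if not covered:
            missing.append(str(net))
    return missing


if __name__ == "__main__":
    # The three pings from the first post, as (source, destination) pairs.
    cases = {
        "pfSense ping -S 173.x.x.x (WAN)":    ("173.0.0.2", "206.0.0.10"),
        "pfSense ping -S 192.168.50.1 (LAN)": ("192.168.50.1", "206.0.0.10"),
        "LAN PC 192.168.50.x":                ("192.168.50.25", "206.0.0.10"),
    }
    for label, (src, dst) in cases.items():
        before = matching_policy(src, dst, ORIGINAL_SELECTORS)
        after = matching_policy(src, dst, FIXED_SELECTORS)
        print(f"{label:36} original={before or 'routed normally':20} fixed={after}")
    print("Networks with no selector in original config:",
          uncovered_sources(["192.168.50.0/24", "173.0.0.0/28"],
                            "206.0.0.0/24", ORIGINAL_SELECTORS))
```

On the real firewall the equivalent check is to dump the kernel SPD (`setkey -DP` on FreeBSD/pfSense) and confirm that a policy exists whose source network is the LAN subnet; if only the WAN /28 appears, LAN-originated packets never match and follow the default route, exactly as seen in the packet capture later in this thread.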
-
Have you set up a rule under IPsec to allow all traffic?
-
I do have a rule set up; however, it is still not passing any traffic if the traffic originates from the LAN interface, only if the traffic is generated from the pfSense box itself.
-
How are your NAT rules set up?
-
Is the pfSense box the gateway for the systems on LAN? If you do a packet capture on LAN, do you see the traffic from the local machines coming in on LAN and still not hitting the tunnel?
-
That is correct, the pfSense box is the gateway for the LAN.
Config was pfSense box:
NIC1 WAN1 -- VPN to Public Network
NIC2 WAN2 -- Load Balance to WAN1
NIC3 LAN -- Internal Network

Yes, I was able to see the packets on the LAN side, but they always tried to go out the WAN1 interface, not the IPsec tunnel. I have added a 2nd pfSense box now and it's working as expected.

New Config
Original Box
NIC1 = WAN1 (/28 Network Public)
NIC2 = WAN2 (/28 Network Public)
NIC3 = VPN Link (/30 Network Public)
NIC4 = LAN (/24 Network Internal)

2nd Box
NIC1 = WAN1 / VPN Public (/28 Network Public)
NIC2 = VPN Link to 1st Server (/30 Network Public)

Now when I send traffic to that subnet: I added a rule to send all traffic out VPNGW on the 1st router, and it's passing it to the VPN box (2nd router), which then passes it along to the VPN subnet as expected.