Multiple PFsense - IPSEC
-
Hey guys,
I am having trouble setting up an IPSEC tunnel from a PFsense that sits behind another PFsense to an external host. As you can see in my diagram, we have 2 PFsense routers. The border router (router 1) has one IPSEC tunnel set up for the local subnet. Now when I try to set up an IPSEC tunnel on Router 2, Router 1 intercepts the IPSEC traffic even though it's meant for router 2. The other end of the IPSEC tunnel is getting:
denied udp XXX.234.42.162(500) -> 202.73.206.209(500), 7 packets
So it looks like router 1 isn't allowing the IPSEC packets through to router 2 even though it's all on public IP space.
-
you need firewall rules to allow that traffic through where it's getting blocked
-
Router 1 already had all ports and IPs completely open to every subnet on Router 2. Last night I upgraded router 1 to PFsense 2.0 and switched to manual NAT and we seem to be getting somewhere.
-
You have to disable NAT too via outbound NAT when you're routing public IPs, on all the systems that are routing public IPs.
-
@cmb:
You have to disable NAT too via outbound NAT when you're routing public IPs, on all the systems that are routing public IPs.
Great - good advice. I have disabled it on both routers.
Just to summarize for everyone, after upgrading to 2.0 and disabling outbound NAT, IPSEC is passed through from Router 1 to Router 2.