Does your IPsec site-to-site work fine?
-
I use pfsense 2.0-RC2 [(i386) built on Wed Jun 8 17:55:26 EDT 2011] and another VPN gateway connected by an IPsec tunnel as follows:
192.168.18.0/24 ---- pfsense 2.0 <------------> other VPN Gateway ---- 192.168.2.0/24
       +            (192.168.18.1)                  192.168.2.1              +
       |                                                                     |
pc1(192.168.18.45)                                              pc2(192.168.2.231)
The IPsec tunnel connects normally as pfsense shows, and the status shows the tunnel is online. From pc1 (192.168.18.45) I can successfully ping pc2 (192.168.2.231) and 192.168.2.1, but from pc2 (192.168.2.231) I can't ping pc1 or pfsense 2.0. In the firewall rules, I added an "ipsec" rule, any to any, pass. In the system log, I find the ICMP from 192.168.2.231 to 192.168.18.45 is blocked. I don't know why pfsense 2.0 blocks the packet. Guys, does your IPsec site-to-site work fine?
ipsec rule:
ID Proto Source Port Destination Port Gateway Queue Schedule Description
* * * * * WAN none
system log:
pass Jun 14 15:51:37 LAN 192.168.18.45 192.168.2.231 ICMP
block Jun 14 15:52:47 enc0 192.168.2.231 192.168.18.45 ICMP
My site-to-site works fine. I did have to add allow rules for traffic going from Site A (ASG 220) going to Site B (pfsense 2.0 RC2). You might want to look at the firewall log to see if packets are getting dropped on the pfsense side.
-
My site-to-site works fine. I did have to add allow rules for traffic going from Site A (ASG 220) going to Site B (pfsense 2.0 RC2). You might want to look at the firewall log to see if packets are getting dropped on the pfsense side.
First, thank you very much!
Yes, in pfsense 2.0 RC2, I added rules in the "ipsec" table to allow all traffic in and out, but in the firewall log I can see the incoming traffic is blocked!
------------------------
I modified the IPsec rules to pass any any to lansubnet
pass any lan to any
Now it works!
Sorry, I was doing too many things at the same time while trying to formulate my last post. I should have said to add rules to the IPsec filters and the LAN filters. I'm glad to hear that you're now working.