Netgate Discussion Forum

Tunnel accessible one way

  • D
    deresistance
    last edited by Dec 31, 2006, 4:06 AM

    I have a nice IPSec tunnel set up between pfSense and monowall at 2 locations connected through 1 connection. Recently I installed another provider at the pfSense side and I am doing a load-balanced connection. Since I have done this I cannot access my remote location (monowall side). Yet I have some servers doing DFS replication that CAN access through the tunnel to my other location. From the remote location I can access everything on the other side with no issues. I have a feeling it's an issue where I am being routed to a bad location?

    Is there anything I should set on my local lan so that it routes all the remote subnet to the correct connection?  Obviously the IPSec tunnel is connecting to 1 ISP no failover or anything yet.

    Monowall (10.0.0.0/24)
    |
    PFSense (WAN1)
    |
    (Load balance WAN1, WAN2)
    |
    LAN (191.168.0.0/18)

    So long story short, when on the 191.168.0.0 subnet I cannot access the 10.0.0.0 subnet. I can vice versa. Is it because my local traffic is being load balanced to the wrong WAN interface? What is the fix?

    Thanks

    • S
      sullrich
      last edited by Dec 31, 2006, 4:25 AM

      1. Traceroute to a host on the other end of the tunnel.
      2. Double check firewall rules on each end of the tunnel and ensure that it is allowing the traffic.

      • H
        hoba
        last edited by Dec 31, 2006, 1:10 PM

        Add a firewall rule like this at the load-balancing pfSense (top of the firewall rules):
        pass, protocol any, source lan subnet, destination network 10.0.0.0/24, gateway default

        This will fix it.

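
A simplified model of why the rule from the last reply has to sit at the top of the LAN rules, as an added example that is not part of the original posts. It assumes first-match rule evaluation and that a rule with an explicit gateway sends traffic out that gateway instead of into the tunnel; the rule tuples, function names, the `LoadBalancer` gateway name and the sample host addresses are constructed for illustration.

```python
import ipaddress

LAN = ipaddress.ip_network("191.168.0.0/18")   # LAN subnet as written in the thread
REMOTE = ipaddress.ip_network("10.0.0.0/24")   # monowall side of the tunnel
ANY = ipaddress.ip_network("0.0.0.0/0")

# Hypothetical rule tuples: (description, source, destination, gateway)
BALANCE = ("LAN -> any via load balancer", LAN, ANY, "LoadBalancer")
TUNNEL = ("LAN -> remote subnet", LAN, REMOTE, "default")


def first_match(rules, src, dst):
    """Return the first rule matching the packet, top down; None means no pass rule."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for rule in rules:
        _, rule_src, rule_dst, _ = rule
        if s in rule_src and d in rule_dst:
            return rule
    return None


def egress(rules, src, dst):
    """Describe where a LAN packet goes under the given rule order."""
    rule = first_match(rules, src, dst)
    if rule is None:
        return "blocked"
    gateway = rule[3]
    if gateway != "default":
        # An explicit gateway forces the packet out that gateway,
        # so the IPsec policy for the remote subnet is never consulted.
        return f"forced out {gateway}"
    # With the default gateway, normal routing applies and IPsec can match.
    if ipaddress.ip_address(dst) in REMOTE:
        return "ipsec tunnel"
    return "default route"


def audit(rules, src="191.168.0.10", dst="10.0.0.5"):
    """Return (egress, matching rule description) for a constructed sample flow."""
    rule = first_match(rules, src, dst)
    return egress(rules, src, dst), rule[0] if rule else None
```

Calling `audit([BALANCE, TUNNEL])` shows that adding the tunnel rule below the load-balancing rule changes nothing, which is why the reply specifies the top of the rule list.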