IPsec tunnel UP but unable to ping remote site
-
I edited both phase 2 configs & set the lifetimes to be 3600 (they were 86400) and saved the configs.
Then, I refreshed the IPsec status pages and the tunnel showed as "active". But of course, I still cannot ping/access the other network!
I restored the lifetimes back to 86400 and the tunnel is still showing as "active", but the remote network is still not accessible from the local network, and vice-versa.
Strange?
-
2 days ago, I restarted the local pfSense box (version 2.1), then pinged a couple of hosts on the remote LAN and the pings were successful!
Now, it's not working again :( / >:( It seems there must be a problem with IPsec on 2.1.
As soon as I get some time, I'll install version 2.0.3 and see whether the problem persists. Thank you.
-
I upgraded to the 2.1.1 PRE-RELEASE version without any success.
-
So I got this problem too and I rolled back to 2.0.3 and it works. I think there is a problem with the routing in version 2.1; on an upgrade it works but install doesn't. I hope it can help. bb
-
Why are you hesitant to roll back to 2.0.3?
-
Yes, you are right.
I am trying everything possible before the last resort of rolling back to 2.0.3.
I think I got used to the interface, the traffic shaping queue status, … I'm even trying OpenVPN, but having the same problem, which is making me wonder whether the problem is elsewhere!
The OpenVPN tunnel is UP, but I'm unable to access either remote LAN hosts. Will update this post if I do find the cause of this problem.
-
We have the same problem, tunnel is up but no traffic in both directions. When I restart racoon on both sides I have traffic but after some time this stops while tunnel status still shows up.
We use the special hyper-v 2.1 build.
Lex
-
We have the same problem, tunnel is up but no traffic in both directions. When I restart racoon on both sides I have traffic but after some time this stops while tunnel status still shows up.
We use the special hyper-v 2.1 build.
Lex
Silly question, but did you add a rule in the firewall for the VPN interface which allows all traffic?
-
Yes, I have a rule to allow all traffic on the ipsec interface.
And in fact at times it works for a while but then traffic stops but tunnel status still shows connected on both sides.
When I restart racoon on both sides the tunnel gets connected but maybe in 1 out of 10 times I have traffic through.
Lex
-
Have you resolved this issue? I am seeing the same symptoms.
-
Questions:
Is your tunnel up? (verify in the IPSec Status / Logs).
Have you created the rule for IPSEC (source any / desto: any)? I had to create two additional rules in the LAN tab, with source: local subnet / desto: remote subnet and vice versa.
That way I had it working.
-
Questions:
Is your tunnel up? (verify in the IPSec Status / Logs).
Have you created the rule for IPSEC (source any / desto: any)? I had to create two additional rules in the LAN tab, with source: local subnet / desto: remote subnet and vice versa.
That way I had it working.
I created the rules as stated and the VPN worked for about 5 minutes. After many wasted hours of troubleshooting, I finally removed the IPSec configuration for the tunnel on both sides and started from scratch, setting them up side-by-side. The tunnels have now been working for a few hours without any issues whatsoever. I will give it the weekend before I am confident.
-
I'm sorry (and desperate) to report I have an identical issue.
I have 4 VPN tunnels to 4 remote pfSense firewalls. 4 tunnels show up and green, only 3 tunnels transmit data.
I've rebooted all pfSense systems, and all the 3 tunnels work correctly, but the 4th tunnel shows up but no data. I am really hoping to find the solution to this issue! Has anyone made any progress lately?
-
Well, I rebuilt one problem pfSense this morning. Rebuilt its 3 IPsec tunnels… 2 came up, and the broken one stayed broken (even though it shows as green in the status).
I'll rebuild the other endpoint tonight and report back.
-
Hey guys
Sorry for digging up the old thread - but there's no other thread open and there's no solution here ;)
I have exactly the same issue: 2 IPsec VPNs and I can't ping the remote network - but from the remote network I can ping to my network.
Maybe somebody has a solution?
-
Overlord >>
You can try searching in Status > System Logs > Firewall > Normal View
Maybe that will help you.
-
Overlord >>
You can try searching in Status > System Logs > Firewall > Normal View
Maybe that will help you.
I have the same trouble :/ ! What could I find? But my configuration is a little bit different, maybe it's the reason for that.
[Local site pfSense]--|
[Local computer]------|--[Local Internet Access Router]--|@@@@@@@@@@|--[Remote Internet Access Router]--[Remote pfSense]--[Router]--[Remote Network]
My Local pfSense has only one network interface and I have a route between Remote pfSense and Remote Network.
But from Remote Network, I can ping Local computer but from Local computer that doesn't work.
What could I find in Status > System Logs > Firewall > Normal View?
Thank you in advance,
Regards,
W.
-
Nobody has a solution?
I haven't yet found how I could resolve my problem…
Wagab
-
@hongkonger:
Hi,
I have an almost similar issue,
I can RDP to the remote hosts, but can't ping or tracert,
normally this wouldn't bug me much but I have a number of PCs that are unable to connect to the Domain controller on the remote network.
IPsec rules on both pfboxes are pass on any to any.
Any thoughts?
Thanks
EDIT: my bad, I wasn't paying attention to the rule in IPsec, it's tcp/udp; for ICMP you need a specific rule on both sides.
Hi, I had a similar issue so I created a rule on the LAN interface that allows any protocol on the specific network on both source and destination.
-
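The EDIT quoted above traces failed pings to an IPsec-tab rule limited to tcp/udp. The following is an added example, not code from any poster or from pfSense: it scans a config.xml export for pass rules that look like allow-all but exclude a protocol. The sample config is constructed, and the element names and the `enc0` interface name are assumptions about the config.xml layout; rule order, block rules and source/destination matching are not evaluated.

```python
import xml.etree.ElementTree as ET

# Constructed sample; element names and "enc0" (IPsec tab) are assumed config.xml layout.
SAMPLE_CONFIG = """<pfsense>
  <filter>
    <rule><type>pass</type><interface>enc0</interface><protocol>tcp/udp</protocol>
      <source><any/></source><destination><any/></destination>
      <descr>allow all over VPN</descr></rule>
    <rule><type>pass</type><interface>lan</interface>
      <source><network>lan</network></source><destination><any/></destination>
      <descr>default LAN</descr></rule>
  </filter>
</pfsense>"""


def audit_interface(config_xml, interface, proto="icmp"):
    """Return (covered, near_misses) for one interface.

    covered: True if any enabled pass rule on the interface admits `proto`.
    near_misses: (description, protocol) of any-to-any pass rules that are
    restricted to other protocols, i.e. rules that look like allow-all but
    silently drop `proto`.
    """
    root = ET.fromstring(config_xml)
    covered, near_misses = False, []
    for rule in root.findall("./filter/rule"):
        if interface not in rule.findtext("interface", "").split(","):
            continue
        if rule.findtext("type", "pass") != "pass" or rule.find("disabled") is not None:
            continue
        rule_proto = rule.findtext("protocol")  # element absent means "any protocol"
        if rule_proto is None or proto in rule_proto.split("/"):
            covered = True
        elif rule.find("source/any") is not None and rule.find("destination/any") is not None:
            near_misses.append((rule.findtext("descr", ""), rule_proto))
    return covered, near_misses


if __name__ == "__main__":
    covered, near = audit_interface(SAMPLE_CONFIG, "enc0")
    print("ICMP passed on IPsec tab:", covered)
    for descr, rule_proto in near:
        print(f"  any-to-any rule '{descr}' is limited to {rule_proto}")
```

Run it against the exports from both endpoints, since the rule has to admit the protocol on each side.
-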
I'm having a similar problem, but: I can ping the remote pfSense box and access it via web configurator, but all other hosts on the same subnet are not pingable or otherwise reachable. BUT the remote site can ping/reach everything on my local site.
I also don't see anything being blocked on the firewall. I suppose my problem and possibly also the others mentioned here are some kind of routing problem?
I'm running on pfSense 2.3.4 (remote site) and a Cisco Meraki MX400 (local).