Netgate Discussion Forum
    IPSec not routing traffic from internal network

realtek

      Hi,

I have an IPsec tunnel which is up and connected successfully.

My issue is that it is not routing traffic from my internal network through the IPsec tunnel.

My network is 192.168.0.0/24 and the network I am trying to reach is 192.168.130.0/24.

      I have the firewall rules added and I can see the traffic is accepted in the logs but it does not reach the network.

      Have I missed something during my setup? Is there anything else I need to configure?

On my workstations I have added a static route and also tried using the pfSense box as a default gateway, but it does not get there.

Any help would be great. Thanks.

Docadmin

        Hi there,

It seems there is no one to help you. I have the same issue and am playing the "trial and error" game after reading tons of explanations, none of which seem to work... strange.

tipiewot

          Hi Realtek,
Have you got:

• manual outbound NAT enabled
• IPsec rules fully open (I know, bad idea, but only for testing purposes)
• LAN rules open to reach the destination subnet
• IPsec Phase 2 local and remote networks correctly configured

I have run IPsec LAN-to-LAN in production for a few months without any problem. I don't understand where something goes wrong for you.
Any logs?

          Regards.
          Pierre

mohammadreza73

I have this same issue. In Status it seems connected, but traffic from my LAN subnet and from pfSense does not pass through the tunnel.
How can I fix it?

s3ri4l

              Hello, good morning,
I have a similar problem. Which version of pfSense?

tipiewot

                Hi folks,
2.2.1 for me, no issue.
Do you have any logs?
What are your default gateways (I remember I had strange behaviour with default GW configs)?
                Cheers.
                Pierre

iorx

                  Hi!

I was digging around on another issue and saw this. Maybe this will be of help with your issue.
My LAN routing to the other side of the tunnel was OK, but I couldn't get pfSense itself to reach it (resulting in the DNS Resolver not working, among other things).

This solved everything for me:
                  https://doc.pfsense.org/index.php/Why_can%27t_I_query_SNMP,_use_syslog,_NTP,_or_other_services_initiated_by_the_firewall_itself_over_IPsec_VPN

tipiewot

                    @iorx:

                    Hi!

I was digging around on another issue and saw this. Maybe this will be of help with your issue.
My LAN routing to the other side of the tunnel was OK, but I couldn't get pfSense itself to reach it (resulting in the DNS Resolver not working, among other things).

This solved everything for me:
                    https://doc.pfsense.org/index.php/Why_can%27t_I_query_SNMP,_use_syslog,_NTP,_or_other_services_initiated_by_the_firewall_itself_over_IPsec_VPN

Exactly, iorx: in my prod config, class C IP addresses are all redirected to the LAN, whereas the remote end of the IPsec tunnel is also 192.168. From my point of view (maybe mistaken, but why?) this is normal as far as routing goes: the remote end of the IPsec tunnel is "directly connected" for the pfSense, so it does not need any static route.
I have to admit that adding a bogus internal IP to make it work may appear a little bit strange, though!
Cheers!

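As an added illustration (not code from this thread or from pfSense), a small Python model of the point discussed above: LAN-to-LAN packets match the Phase 2 selector, firewall-initiated packets sourced from the WAN address do not, and a static route for the remote network via a gateway on a spare LAN address changes the source address so they do. The WAN subnet 203.0.113.0/24 and the gateway 192.168.0.254 are constructed assumptions; the routing model is deliberately simplified.

```python
import ipaddress

# Constructed example topology (only the two 192.168.x subnets come from the thread):
# pfSense LAN 192.168.0.1/24, WAN 203.0.113.2/24 (documentation range), remote 192.168.130.0/24.
INTERFACES = {
    "wan": ("203.0.113.2", "203.0.113.0/24"),
    "lan": ("192.168.0.1", "192.168.0.0/24"),
}
# Phase 2 selectors as (local network, remote network) pairs.
PHASE2_SELECTORS = [("192.168.0.0/24", "192.168.130.0/24")]


def matches_phase2(src, dst, selectors=PHASE2_SELECTORS):
    """True if a packet src->dst falls inside some Phase 2 local/remote pair,
    i.e. the IPsec policy would steer it into the tunnel."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    return any(s in ipaddress.ip_network(local) and d in ipaddress.ip_network(remote)
               for local, remote in selectors)


def select_source_address(dst, interfaces=INTERFACES, static_routes=()):
    """Source address the firewall itself would use for dst (simplified model).
    static_routes: iterable of (network, gateway) strings. If a static route covers
    dst and its gateway lies in an interface's subnet, the firewall sources from that
    interface's address; otherwise it follows the default route out of WAN."""
    d = ipaddress.ip_address(dst)
    for net, gw in static_routes:
        if d in ipaddress.ip_network(net):
            g = ipaddress.ip_address(gw)
            for ip, network in interfaces.values():
                if g in ipaddress.ip_network(network):
                    return ip
    return interfaces["wan"][0]


def firewall_traffic_enters_tunnel(dst, static_routes=()):
    """Does locally generated traffic to dst end up matching a Phase 2 selector?"""
    src = select_source_address(dst, static_routes=static_routes)
    return matches_phase2(src, dst)


# Assumed workaround from the linked pfSense doc: a gateway on an unused LAN address
# (192.168.0.254, the "bogus internal IP") plus a static route for the remote network.
WORKAROUND_ROUTES = [("192.168.130.0/24", "192.168.0.254")]

if __name__ == "__main__":
    dst = "192.168.130.5"
    print("LAN host ->", matches_phase2("192.168.0.10", dst))                   # True
    print("firewall, no route ->", firewall_traffic_enters_tunnel(dst))           # False
    print("firewall, with route ->", firewall_traffic_enters_tunnel(dst, WORKAROUND_ROUTES))  # True
```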
                    Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.