One way IPSEC VPN 2.2.6
-
Hi all - been scratching my head on this one for a while… hopefully someone can help.
Got a pair of pfSense boxen running 2.2.6 - IPSec VPN set up between them.
The VPN works with traffic initiated from SiteA>SiteB but not the other way around.
In the non-working direction, I don't see the traffic hitting the enc0 interface - the log reports that the default deny has dropped it.
In the working direction, I do see the appropriate traffic on the enc0 interface and the log reports that @81(1000004112) blah blah "IPsec internal host to host" rule has allowed it.
The output of pfctl -sr tells me that both firewalls have that rule (I presume it's a default rule).
The P1 & P2 screens show successful connections. SPDs also show correct.
I just can't see what the issue is… HELP :)
ih
-
That means you don't have a matching rule on Firewall>Rules, IPsec tab, on the side where you're seeing it logged as blocked.
-
Hi, thanks for the response.
I do though.
On both sides, I have the following:
ID Proto Source Port Destination Port Gateway Queue Schedule Description
IPv4 * 172.16.10.0/24 * 172.16.20.0/24 * * none
IPv4 * 172.16.20.0/24 * 172.16.10.0/24 * * none

Is it indicative of something that on the working side, the rule matched does not appear to be one of these I manually added?
ih
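A quick way to check which of the quoted IPsec-tab rules a given flow would hit before it falls through to the default deny. This is an added example, not code from the thread or from pfSense: it re-types the two rules from the post as a constructed string and applies pfSense's first-match ("quick") semantics for interface-tab rules, ignoring floating rules, states and the interface itself.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional

# Constructed copy of the two IPsec-tab rules quoted in the thread, in the
# flattened "Proto Source Port Destination Port Gateway Queue Schedule Description"
# layout. "*" means any. Columns after the destination port are ignored here.
IPSEC_TAB_RULES = """\
IPv4 * 172.16.10.0/24 * 172.16.20.0/24 * * none
IPv4 * 172.16.20.0/24 * 172.16.10.0/24 * * none
"""


@dataclass
class Rule:
    proto: str   # "*" or a protocol name such as "tcp"
    src: str     # "*" or a CIDR
    sport: str   # "*" or a port number
    dst: str
    dport: str


def _net_matches(field: str, addr: str) -> bool:
    return field == "*" or ipaddress.ip_address(addr) in ipaddress.ip_network(field, strict=False)


def _port_matches(field: str, port: Optional[int]) -> bool:
    return field == "*" or (port is not None and int(field) == port)


def parse_rules(text: str) -> List[Rule]:
    """Parse the flattened rule rows; header and blank lines are skipped."""
    rules = []
    for line in text.splitlines():
        f = line.split()
        if len(f) < 6 or not f[0].startswith("IPv"):
            continue
        rules.append(Rule(proto=f[1], src=f[2], sport=f[3], dst=f[4], dport=f[5]))
    return rules


def first_match(rules: List[Rule], proto: str, src: str, dst: str,
                sport: Optional[int] = None, dport: Optional[int] = None) -> Optional[int]:
    """Return the 1-based index of the first rule that passes the flow.
    None means no rule matched, i.e. the traffic would hit the default deny
    that the original poster sees logged on the non-working side."""
    for i, r in enumerate(rules, 1):
        if r.proto != "*" and r.proto.lower() != proto.lower():
            continue
        if not (_net_matches(r.src, src) and _net_matches(r.dst, dst)):
            continue
        if not (_port_matches(r.sport, sport) and _port_matches(r.dport, dport)):
            continue
        return i
    return None
```

A flow from the SiteB LAN (172.16.20.0/24) to the SiteA LAN matches the second rule, so if it is still logged as default-denied, the packet is either not arriving on the IPsec interface at all or the rule is on the wrong tab or firewall.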