Connections from site 1 to site 2 only work partly
-
I am facing a strange issue.
Let's first start with the setup. I have attached a drawing of the network layout.
Settings on PFSENSE-01:
- Only one interface: WAN
- System/Advanced/Firewall & NAT: Disable Firewall enabled
- Interfaces/WAN/IPv4 Upstream gateway: 172.16.1.254
- VPN/IPsec/Tunnels/Phase 1:
-- Key Exchange version: IKEv1
-- Interface: WAN
-- Remote Gateway: 88.159.22.123
-- My identifier: My IP address
-- Peer identifier: IP address: 172.26.1.13
-- Responder Only: Enabled (since this one can't initiate the connection)
- VPN/IPsec/Tunnels/Phase 2:
-- Mode: Tunnel IPv4
-- Local Network: Network: 172.16.0.0/13
-- Remote Network: Network: 172.24.0.0/13
Settings on PFSENSE-02:
- Only one interface: WAN
- System/Advanced/Firewall & NAT: Disable Firewall enabled
- Interfaces/WAN/IPv4 Upstream gateway: 172.26.1.254
- VPN/IPsec/Tunnels/Phase 1:
-- Key Exchange version: IKEv1
-- Interface: WAN
-- Remote Gateway: vpn.hostname.com
-- My identifier: My IP address
-- Peer identifier: IP address: 172.23.1.4
-- Responder Only: Disabled (this one has to initiate the connection)
- VPN/IPsec/Tunnels/Phase 2:
-- Mode: Tunnel IPv4
-- Local Network: Network: 172.24.0.0/13
-- Remote Network: Network: 172.16.0.0/13
On both routers I have added a static route:
- ROUTER-01: Destination 172.24.0.0/13 to 172.23.1.4
- ROUTER-02: Destination 172.16.0.0/13 to 172.26.1.13
The tunnel comes up, and I am able to ping in both ways, e.g. I can ping the 172.26.1.254/172.26.1.12/172.26.1.254 from 172.23.1.4/172.18.1.8, and 172.23.1.4/172.18.1.8/172.16.1.254 from 172.26.1.13/172.26.1.12.
I can also ssh, for example, from 172.26.1.12 to 172.18.1.8/172.23.1.4/172.16.1.254. However, I cannot ssh from 172.18.1.8 to 172.26.1.12.
But I can ssh from 172.18.1.8 to 172.26.1.13 and 172.26.1.254. Even from the pfSense box (172.23.1.4) I am not able to ssh to 172.26.1.12.
I have verified that ssh is working on 172.26.1.12, and I have also tried to browse and RDP to other machines (besides 172.26.1.254 and 172.26.1.13), which also does not work.
What could be causing these problems?
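As an added sanity check (example code written for this thread, not from the poster or from pfSense), the script below takes the Phase 2 selectors and static routes exactly as listed in the post and reports, for each flow the poster tested, whether both the forward packet and its reply fall inside a selector on the firewall that would carry them. It also confirms that the two Phase 2 entries are mirror images of each other, which is what both sides must agree on.

```python
from ipaddress import ip_address, ip_network

# Phase 2 selectors as listed in the post: site -> (local network, remote network).
PHASE2 = {
    "PFSENSE-01": (ip_network("172.16.0.0/13"), ip_network("172.24.0.0/13")),
    "PFSENSE-02": (ip_network("172.24.0.0/13"), ip_network("172.16.0.0/13")),
}

# Static routes as listed in the post: router -> (destination, next hop).
STATIC_ROUTES = {
    "ROUTER-01": (ip_network("172.24.0.0/13"), ip_address("172.23.1.4")),
    "ROUTER-02": (ip_network("172.16.0.0/13"), ip_address("172.26.1.13")),
}

def selectors_mirror(p2=PHASE2):
    """Phase 2 only matches on both ends when A.local == B.remote and A.remote == B.local."""
    a_local, a_remote = p2["PFSENSE-01"]
    b_local, b_remote = p2["PFSENSE-02"]
    return a_local == b_remote and a_remote == b_local

def home_site(addr, p2=PHASE2):
    """Name of the firewall whose local selector contains addr, or None if neither does."""
    addr = ip_address(addr)
    return next((site for site, (local, _) in p2.items() if addr in local), None)

def flow_in_tunnel(src, dst, p2=PHASE2):
    """For src -> dst return (forward_covered, reply_covered).
    The forward packet is judged by src's home firewall, the reply by dst's home
    firewall. A False means that direction matches no Phase 2 entry and would
    leave the firewall in the clear (or not at all) instead of inside ESP."""
    src, dst = ip_address(src), ip_address(dst)
    fwd, rev = home_site(src, p2), home_site(dst, p2)
    if fwd is None or rev is None or fwd == rev:
        return (False, False)              # not a site-to-site flow at all
    fwd_local, fwd_remote = p2[fwd]
    rev_local, rev_remote = p2[rev]
    return (src in fwd_local and dst in fwd_remote,
            dst in rev_local and src in rev_remote)

def route_next_hop(router, dst, routes=STATIC_ROUTES):
    """Next hop the router's static route selects for dst, or None (falls to default route)."""
    network, hop = routes[router]
    return hop if ip_address(dst) in network else None

if __name__ == "__main__":
    print("Phase 2 selectors mirror each other:", selectors_mirror())
    for src, dst in [("172.18.1.8", "172.26.1.12"),    # ssh fails in the post
                     ("172.26.1.12", "172.18.1.8"),    # ssh works in the post
                     ("172.18.1.8", "172.26.1.13")]:   # ssh works in the post
        print(f"{src} -> {dst}: (forward, reply) in tunnel = {flow_in_tunnel(src, dst)}")
    print("ROUTER-02 next hop for 172.18.1.8:", route_next_hop("ROUTER-02", "172.18.1.8"))
```

For the values in the post, the failing 172.18.1.8 -> 172.26.1.12 flow is covered in both directions exactly like the working ones, so the selectors and static routes alone do not explain the asymmetry; the check narrows the search to what differs per host (its own routing, MTU, or local filtering) rather than the tunnel definition.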
-
Local firewalls on those machines not allowing traffic outside their home/LAN subnet?
-
I have just checked, and there are no firewalls enabled on those machines.