Netgate Discussion Forum
[RESOLVED] IPSec tunnel OK but routers can't ping each others

IPsec
nicolasfo, Aug 1, 2017, 9:47 AM (last edited Aug 7, 2017, 2:48 PM)

    Hello there,
I've established an IPsec tunnel between a pfSense appliance and a Stormshield appliance.

Clients on both sides are able to ping each other on the other site, and I'm able to access resources on the other site: OK.

But the routers themselves can't ping each other. Generally, the routers themselves can't access resources on the other site. But "their" clients can…

For example, if I try to ping a server on site 1 using a client on site 2, the ping will be OK.
But if I try to ping the same server with the site 2 router, the ping will not pass...

Is anyone able to help me?

    Thanks

    Nicolas

Jamerson, Aug 1, 2017, 1:40 PM

Can you access the server but not ping it?
Or can't you access it at all?

Can you share your firewall rules?

nicolasfo, Aug 7, 2017, 9:58 AM (last edited Aug 7, 2017, 11:15 AM)

Hello, sorry for the delay.

From pfSense I can't ping the Stormshield, but from a client behind pfSense I can ping the Stormshield.
From the Stormshield I can't ping pfSense, but a client behind the Stormshield can ping pfSense.

Here are my pfSense firewall rules:

WAN interface:

        Scrambled IP is the public IP of the remote site.

LAN interface:

IPsec interface:

On the other side of the tunnel, I've allowed all traffic coming from and going to the pfSense local network.

Obviously, all of these PassAll rules are for test purposes only.

Another test I've made: using the "Test port" functionality in pfSense, pfSense is unable to "see" anything located on the remote site, such as the remote firewall (at least https) or services hosted by other servers (https, ssh, imap…).

When I contact a service from a client located behind pfSense, I have logs on the Stormshield or pfSense, but when I contact a service from pfSense itself, no logs appear in the Stormshield or pfSense...

Thanks for your help!

        Nicolas

nicolasfo, Aug 7, 2017, 2:48 PM

          You can know everything about everything thanks to Google. But if you don't know what to search, it is useless.

The problem is resolved by adding a bogus route by hand.

Here's the explanation:

          https://doc.pfsense.org/index.php/Why_can%27t_I_query_SNMP,_use_syslog,_NTP,_or_other_services_initiated_by_the_firewall_itself_over_IPsec_VPN

Thanks for the help

ProperCactus (Rebel Alliance) @nicolasfo, Jul 8, 2021, 5:25 PM
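The reason that bogus route fixes it, as an added illustration that is not code from the thread or from pfSense: a small Python model of how a policy-based IPsec tunnel decides whether a packet is encrypted. Traffic the firewall generates itself takes its source address from the interface the routing table picks (the WAN), which falls outside the Phase 2 selector, while forwarded client traffic already carries a LAN source. The subnets, addresses and routes are constructed for the example.

```python
import ipaddress

# Constructed sample topology (not from the thread): a pfSense site with LAN
# 192.168.1.0/24 and WAN address 203.0.113.2, tunnelled to remote LAN 192.168.2.0/24.
LAN_IF = {"name": "lan", "addr": "192.168.1.1"}
WAN_IF = {"name": "wan", "addr": "203.0.113.2"}

# Phase 2 traffic selector: only packets inside this local/remote pair get encrypted.
P2_LOCAL = ipaddress.ip_network("192.168.1.0/24")
P2_REMOTE = ipaddress.ip_network("192.168.2.0/24")

# Routing table entries as (destination network, outgoing interface); longest prefix wins.
DEFAULT_ROUTES = [
    (ipaddress.ip_network("0.0.0.0/0"), WAN_IF),
    (ipaddress.ip_network("192.168.1.0/24"), LAN_IF),
]
# The "bogus route" workaround: point the remote LAN at a gateway on the LAN interface. It
# never forwards anything; it only changes which interface, and so which source address,
# the firewall picks for its own packets, so that they match the Phase 2 selector.
WITH_BOGUS_ROUTE = DEFAULT_ROUTES + [(P2_REMOTE, LAN_IF)]

def lookup_route(routes, dst):
    """Return the outgoing interface for dst by longest-prefix match."""
    dst = ipaddress.ip_address(dst)
    best = None
    for net, iface in routes:
        if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, iface)
    return best[1]

def matches_phase2(src, dst):
    """SPD check: does this src/dst pair fall inside the tunnel's Phase 2 selector?"""
    return ipaddress.ip_address(src) in P2_LOCAL and ipaddress.ip_address(dst) in P2_REMOTE

def firewall_initiated(routes, dst):
    """A packet the firewall generates itself (ping, syslog, NTP): its source address is
    taken from the interface the route lookup selects, then the SPD decides whether it
    is encrypted. Returns (source address, encrypted)."""
    src = lookup_route(routes, dst)["addr"]
    return src, matches_phase2(src, dst)

def client_initiated(src, dst):
    """A packet forwarded for a LAN client keeps the client's LAN source address."""
    return matches_phase2(src, dst)

if __name__ == "__main__":
    for label, routes in (("default routes", DEFAULT_ROUTES), ("with bogus route", WITH_BOGUS_ROUTE)):
        print(label, firewall_initiated(routes, "192.168.2.10"))  # ('203.0.113.2', False) then ('192.168.1.1', True)
    print("client", client_initiated("192.168.1.50", "192.168.2.10"))  # True
```

The same logic explains the missing logs on both firewalls in the thread: an unencrypted packet sourced from the WAN address is simply routed out the WAN and never enters the tunnel, so neither side's IPsec rules see it.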

            @nicolasfo said in [RESOLVED] IPSec tunnel OK but routers can't ping each others:

            You can know everything about everything thanks to Google. But if you don't know what to search, it is useless.

Lol yep exactly. And Google eventually led me to your post, which also resolved my issue.

            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.