• 0 Votes
    4 Posts
    1k Views
    stephenw10
    Ah, so more likely then it's not a conflict but that your ISP is handing you a technically invalid gateway that's outside the WAN subnet, which is only a single address. Fun. There is an option to allow that for providers who decide to ignore the standards. In System > Routing > Gateways edit the dhcp gateway and set 'Use non-local gateway' in the advanced section. Steve
  • IPSec Site to Site with peer behind CGNAT

    IPsec ipsec site-to-site cgnat
    3
    0 Votes
    3 Posts
    4k Views
    M
    For anyone who is interested (n00b here), I got it to work (branch to pfSense only): the Phase 1 remote subnet on pfSense has to be 0.0.0.0 with the responder only option checked. On the Huawei side, the following command had to be configured: 'ipsec authentication sha2 compatible enable'. The result is: [image] The problem now is that pfSense does not direct traffic with destination to the remote subnet (i.e. 10.2.20.0) through IPsec; it uses WAN0 for that. Any ideas? [update] Working now, was pinging from the wrong device.