Traffic not routed to IPSec but default gateway instead



  • Hello,

    I have some IPSec VPN tunnels, and all but one have networks as phase 2 configured. But one tunnel has only a single address defined for both local and remote address. Now the tunnels with the networks all route traffic into the IPSec tunnels (by checking the states), but the one with the single address does not; it routes to the default gateway (WAN) instead of the phase 2 endpoint address (by checking the states).

    setup:

    network tunnels with phase 2 networks:
    phase 1: IKE v1 main, simple config
    phase 2: local network 192.168.0.0/24, remote network 192.168.x.0/24

    network tunnel with phase 2 address:
    phase 1: IKE v1 main, simple config
    phase 2: local address 192.168.0.1, remote address 10.10.0.1

    All tunnels show up as connected

    Now if I ping to 10.10.0.1, it is not routed to the IPSec tunnel, but out of the WAN interface! Pinging 192.168.x.x routes correctly out of the appropriate IPSec tunnel.

    There are no other routes to 10.10.0.1, so normally pfSense should understand that it should route traffic to 10.10.0.1 through the IPSec tunnel, but it doesn't!

    What is going on here  :-\ ?



  • That doesn't match the P2 you have defined, so it's not supposed to go over the VPN. Needs to be source of the network, not single IP, like your other one.
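The point in the reply above is how policy-based IPsec selects traffic: a packet is only sent into a tunnel when both its source and its destination fall inside a phase 2 entry; anything else follows the ordinary routing table, i.e. the default gateway on WAN, in the clear. The following added example (written for this thread, not pfSense or strongSwan code) models that selector check with Python's ipaddress module. The phase 2 entries and the packet addresses are constructed to mirror the thread; the hypothetical host 192.168.0.50 and the /24 in `WIDENED_SPD` are assumptions used to show the contrast.

```python
"""Toy model of IPsec phase 2 (SPD) selector matching.

Added example: not code from the forum thread or from pfSense.
Policies are checked in order; the first one whose local AND remote
selectors contain the packet's source AND destination wins. A packet
that matches nothing is handed to the normal routing table.
"""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Phase2:
    name: str
    local: ipaddress.IPv4Network   # local traffic selector
    remote: ipaddress.IPv4Network  # remote traffic selector


def p2(name: str, local: str, remote: str) -> Phase2:
    """Build a phase 2 entry; a bare host address becomes a /32."""
    return Phase2(
        name,
        ipaddress.ip_network(local, strict=False),
        ipaddress.ip_network(remote, strict=False),
    )


# Constructed SPD modelled on the thread: two network tunnels and one
# tunnel whose phase 2 is a single local and a single remote address.
SPD: List[Phase2] = [
    p2("tunnel-a", "192.168.0.0/24", "192.168.1.0/24"),
    p2("tunnel-b", "192.168.0.0/24", "192.168.2.0/24"),
    p2("tunnel-host", "192.168.0.1", "10.10.0.1"),
]

# Assumption for contrast: the same host tunnel with its local selector
# widened to the whole LAN, as the reply suggests.
WIDENED_SPD: List[Phase2] = SPD[:2] + [
    p2("tunnel-host", "192.168.0.0/24", "10.10.0.1"),
]


def match_policy(src: str, dst: str, spd: List[Phase2] = SPD) -> Optional[str]:
    """Return the name of the first phase 2 entry covering (src, dst), else None."""
    s = ipaddress.ip_address(src)
    d = ipaddress.ip_address(dst)
    for pol in spd:
        if s in pol.local and d in pol.remote:
            return pol.name
    return None


def route_decision(src: str, dst: str, spd: List[Phase2] = SPD,
                   default_gw: str = "WAN") -> Tuple[str, str]:
    """('ipsec', tunnel) when a selector matches, else ('default', gateway).

    Policy-based IPsec installs no kernel route for the remote selector,
    so an unmatched packet simply follows the routing table and leaves
    unencrypted via the default gateway.
    """
    name = match_policy(src, dst, spd)
    return ("ipsec", name) if name else ("default", default_gw)


if __name__ == "__main__":
    # Only a packet sourced from exactly 192.168.0.1 matches the host tunnel.
    print(route_decision("192.168.0.1", "10.10.0.1"))     # ('ipsec', 'tunnel-host')
    # A LAN host, or any other source address, falls through to WAN.
    print(route_decision("192.168.0.50", "10.10.0.1"))    # ('default', 'WAN')
    # The network tunnels cover any LAN source, which is why those work.
    print(route_decision("192.168.0.50", "192.168.1.7"))  # ('ipsec', 'tunnel-a')
    # With the local selector widened to the /24 the LAN host matches too.
    print(route_decision("192.168.0.50", "10.10.0.1", WIDENED_SPD))  # ('ipsec', 'tunnel-host')
```

The practical check this suggests: compare the source address the ping actually uses (a LAN host, or the firewall's own interface address chosen by the route lookup) against the local selector of the phase 2; with a single-address selector, only that exact source is ever encrypted, and everything else leaves the WAN in plaintext without any error being logged.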



  • @cmb:

    That doesn't match the P2 you have defined, so it's not supposed to go over the VPN. Needs to be source of the network, not single IP, like your other one.

    I'm not quite sure what you mean. The given configuration is mandatory by the provider of the tunnel endpoint… It works using the same config on another router like a Draytek!