Traffic into remote LAN retaining local VPN IP address
I'm trying to connect up a VPN from my office to a data centre using a PFSense firewall. Phase 1 and 2 establish fine, and traffic is traversing the VPN, however end-to-end connectivity is not working, and having done a number of packet captures we are seeing some strange behaviour from the PF Sense firewall into the LAN at that end. Rather than using the original source IP from my LAN (192.168.11.x), it is retaining my VPN WAN address as the source IP instead which obviously breaks the connection. My network is fairly simple, just the LAN connecting out through a router with built in IPSec (this is an RG Nets rXg S4 - a rare system but uses IPSec standards and works fine for other VPN connections I've set up).
Connectivity from the remote LAN into my LAN is working correctly, so as an example we have a ping running from a system on .10 from their network into .2 on mine, and I see that come in correctly, and reply. So the issue is only at the remote site.
Is there any reason why the PF Sense may behave in this way? The owners at the far end have a test VPN from a Draytek router that seems to work so it's just our connection failing. To add to the strangeness, it has worked momentarily on 3 occasions but then quickly fails again.
We've tried changing phase 1 and 2 to the lowest settings to no avail but then I didn't expect this to help. Nat-T is enabled but we tried disabling that too and this didn't work either.
This is getting fairly desperate so any help would be greatly appreciated! :)
Just a quick update on this - I had been testing with my laptop and couldn't get this working and had to plug into something else so put the connection onto an IP phone (which is what the VPN is for). And it came to life! I then tried to send a ping from the phone to the end system across the VPN, and the issue came back. Took the cable out of the phone to reset it, back in, and now it's working again.
So I'm now wondering if there's some erroneous NAT occurring on my end. If anyone has seen something like this before though, any responses would still be great.