Trubl Port Forward WAN to IPSec tunel host

mic.bummer

Hello
I have a problem
Forward does not work from WAN adress (office 1) to IPSec tunel host (office 2)
Please tell me what is the reason  :-[
Thank you! :)

I'm sorry, I did not find spoiler :o

[img]https://pp.vk.me/c638021/v638021615/664e/e8Nku_h_Xbs.jpg

Derelict

When the traffic from the internet host is forwarded to an IPsec host, it does not match the phase 2 traffic selector because the source address is the internet address.

Only traffic between 10.0.0.0/24 and 10.20.21.0/24 is "interesting" to IPsec.

mic.bummer

@Derelict:

When the traffic from the internet host is forwarded to an IPsec host, it does not match the phase 2 traffic selector because the source address is the internet address.

Only traffic between 10.0.0.0/24 and 10.20.21.0/24 is "interesting" to IPsec.

Can I use a different method VPN?

Derelict

You can do this with OpenVPN.

This is an example of forwarding ssh requests from the internet over OpenVPN to a destination server:

https://forum.pfsense.org/index.php?topic=82732.msg453269#msg453269

mic.bummer

@Derelict:

You can do this with OpenVPN.

This is an example of forwarding ssh requests from the internet over OpenVPN to a destination server:

https://forum.pfsense.org/index.php?topic=82732.msg453269#msg453269

According to the recommendations made settings
Forwarding to WAN office 1 does not work  :(
Please tell me where I could be wrong?

Many thanks!

Derelict

Are there any rules on the OpenVPN tab next to OPT1?

If so, delete or disable them.

As soon as there are no rules on OpenVPN, do a Diagnostics > Packet Capture on that OPT1 interface using host address 10.10.21.10 port 3389 and try a couple times. What do you see there?

mic.bummer

@Derelict:

Are there any rules on the OpenVPN tab next to OPT1?

If so, delete or disable them.

As soon as there are no rules on OpenVPN, do a Diagnostics > Packet Capture on that OPT1 interface using host address 10.10.21.10 port 3389 and try a couple times. What do you see there?

Tried 2-4 attempts for 3-5 minutes  :o

Derelict

Then the traffic is not making it that far.

Post your OpenVPN configs on both sides.

mic.bummer

@Derelict:

Then the traffic is not making it that far.

Post your OpenVPN configs on both sides.

mic.bummer

@Derelict:

You can do this with OpenVPN.

This is an example of forwarding ssh requests from the internet over OpenVPN to a destination server:

https://forum.pfsense.org/index.php?topic=82732.msg453269#msg453269

I re-read your statement, and I have everything working !!
Excellent!!
Thank you very much!

Derelict

Outstanding. Thanks.