IPSec (Routing all over Tunnel)



  • I have 1 tunnel that is up and working. It forces all remote traffic over the tunnel.

    I tried to create a 2nd tunnel for another location with the exact same settings as tunnel 1 (although different specifics). This tunnel connects, phase 2 connects, but NO traffic will pass over it.

    I have duplicated all the firewall rules, Outbound NAT rules, etc., to no avail; it's not working.

    Can anyone give me some help?



  • Maybe you could give us a short schematic drawing of your network topology, including VPN tunnels and IP addresses, so that we can follow what you are trying to achieve. Are you trying to connect two spokes to a hub? Are these two completely different sets of routers not seeing each other? (Because you say you configured them exactly the same way, does that mean you are using the same IP address spaces on both router constellations?) You see, it's better to have a small drawing, because for me it's not clear what your system looks like and what you want to do.



  • All locations have current version of pfSense.

    Site A - 10.10.10.x

    Site B - 192.168.50.x

    Site C - 192.168.75.x

    I have a current tunnel from A to B. I have all the traffic routed over the tunnel and out through Site A's internet connection. All of which is working fine.

    I NEED a tunnel from A to C. I can get the tunnel online; I can ping in both directions. The issues arise when I set the Phase 2 networks to 0.0.0.0/0 to route all traffic. Then nothing goes over the tunnel.

    I have attached some snips of the working A to B setup (I've removed the A to C one, as I've been redoing it various different ways to no avail).
    As I said, I went back through and mirrored the settings from A to B to A to C (obviously changing the IPs and such as needed), and no matter what I do, it just doesn't work. I even went through each one side by side, page by page, and made sure it was exact.

    ![IPSec Settings.JPG](/public/imported_attachments/1/IPSec Settings.JPG)
    ![Outbound Nat.JPG](/public/imported_attachments/1/Outbound Nat.JPG)


  • Netgate

    Local subnet 0.0.0.0/0 Remote Subnet 192.168.75.0/24 should work fine on the second tunnel. You only posted information for the one tunnel.

    IPsec usually has zero to do with outbound NAT. Not sure why you posted that.
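
    Whether the second tunnel really has the selectors Derelict describes installed, and whether anything is crossing it, is easier to see from the installed child SAs than from the GUI. The following is an added example, not code from this thread, from Netgate or from pfSense: a small Python script that parses the output of strongSwan's `ipsec statusall` (the CLI shipped with pfSense 2.3.x) and flags any phase 2 whose traffic selectors differ from what was configured, or that carries zero bytes in either direction. The sample status text, the connection names `con1000`/`con2000`, the addresses and the exact field layout are all constructed here from memory of strongSwan's output and are assumptions; check them against `ipsec statusall` on your own box.

```python
import re
import shutil
import subprocess
from dataclasses import dataclass

# Constructed sample of `ipsec statusall` output for a hub with two spokes.
# Hub LAN 10.10.10.0/24, spoke B 192.168.50.0/24, spoke C 192.168.75.0/24.
# Layout is assumed from strongSwan's stroke-based status output.
SAMPLE_STATUS = """\
Security Associations (2 up, 0 connecting):
     con1000[3]: ESTABLISHED 2 hours ago, 203.0.113.1[203.0.113.1]...198.51.100.2[198.51.100.2]
     con1000{1}:  INSTALLED, TUNNEL, reqid 1, ESP in UDP SPIs: c0a1b2c3_i d4e5f6a7_o
     con1000{1}:  AES_CBC_256/HMAC_SHA2_256_128, 8123456 bytes_i (60123 pkts, 1s ago), 4567890 bytes_o (40001 pkts, 1s ago), rekeying in 41 minutes
     con1000{1}:   0.0.0.0/0 === 192.168.50.0/24
     con2000[5]: ESTABLISHED 12 minutes ago, 203.0.113.1[203.0.113.1]...192.0.2.9[192.0.2.9]
     con2000{2}:  INSTALLED, TUNNEL, reqid 2, ESP in UDP SPIs: 11223344_i 55667788_o
     con2000{2}:  AES_CBC_256/HMAC_SHA2_256_128, 0 bytes_i, 0 bytes_o, rekeying in 52 minutes
     con2000{2}:   10.10.10.0/24 === 192.168.75.0/24
"""

# What the hub's phase 2 entries are supposed to be (local === remote),
# i.e. the "0.0.0.0/0 === spoke subnet" pairing Derelict describes.
EXPECTED = {
    "con1000": ("0.0.0.0/0", "192.168.50.0/24"),
    "con2000": ("0.0.0.0/0", "192.168.75.0/24"),
}


@dataclass
class ChildSA:
    conn: str
    local_ts: str = ""
    remote_ts: str = ""
    bytes_in: int = 0
    bytes_out: int = 0


# Child SA lines look like "conNNNN{id}: ..."; IKE SA lines use [id] instead.
CHILD_RE = re.compile(r"^\s*(?P<conn>\S+)\{(?P<id>\d+)\}:\s+(?P<rest>.*)$")
TS_RE = re.compile(r"^(?P<local>\S+)\s+===\s+(?P<remote>\S+)$")
BYTES_RE = re.compile(r"(?P<n>\d+) bytes_(?P<dir>[io])")


def parse_child_sas(status_text):
    """Collect every installed child SA with its selectors and byte counters."""
    sas = {}  # keyed by (conn, id); dict keeps first-seen order
    for line in status_text.splitlines():
        m = CHILD_RE.match(line)
        if not m:
            continue  # headers, IKE SA lines, listener lines
        sa = sas.setdefault((m["conn"], int(m["id"])), ChildSA(conn=m["conn"]))
        rest = m["rest"].strip()
        ts = TS_RE.match(rest)
        if ts:
            sa.local_ts, sa.remote_ts = ts["local"], ts["remote"]
            continue
        for b in BYTES_RE.finditer(rest):
            if b["dir"] == "i":
                sa.bytes_in = int(b["n"])
            else:
                sa.bytes_out = int(b["n"])
    return list(sas.values())


def check_tunnels(sas, expected):
    """Return human-readable findings for SAs that are missing, mis-selected or idle."""
    findings = []
    installed = {sa.conn for sa in sas}
    for conn in expected:
        if conn not in installed:
            findings.append(f"{conn}: no child SA installed (phase 2 not up)")
    for sa in sas:
        if sa.conn not in expected:
            continue
        loc, rem = expected[sa.conn]
        if (sa.local_ts, sa.remote_ts) != (loc, rem):
            findings.append(
                f"{sa.conn}: installed selectors {sa.local_ts} === {sa.remote_ts} "
                f"differ from configured {loc} === {rem}"
            )
        if sa.bytes_in == 0 and sa.bytes_out == 0:
            findings.append(f"{sa.conn}: child SA up but no traffic in either direction")
    return findings


def live_status():
    """Read the real status if the strongSwan CLI is present, else fall back to the sample."""
    if shutil.which("ipsec"):
        return subprocess.run(["ipsec", "statusall"], capture_output=True, text=True).stdout
    return SAMPLE_STATUS


if __name__ == "__main__":
    for finding in check_tunnels(parse_child_sas(live_status()), EXPECTED) or ["all tunnels OK"]:
        print(finding)
```

    On the sample, the A to B tunnel passes both checks, while the A to C child SA is reported twice: its installed selectors are the LAN-to-LAN pair rather than the configured `0.0.0.0/0 === 192.168.75.0/24`, and it has moved no bytes. That is exactly the "phase 2 is up but nothing flows" symptom from the opening post, and it shows why reading the installed SA beats trusting what the browser form displays.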



  • @Derelict:

    Local subnet 0.0.0.0/0 Remote Subnet 192.168.75.0/24 should work fine on the second tunnel. You only posted information for the one tunnel.

    IPsec usually has zero to do with outbound NAT. Not sure why you posted that.

    I was setting it up per this https://doc.pfsense.org/index.php/Routing_internet_traffic_through_a_site-to-site_IPsec_tunnel

    So I went ahead and set up a new tunnel and left the remote network at the default of 192.168.1.x.

    The tunnel is connected with 0.0.0.0/0 for the networks, and no traffic.

    Attached is a snip of the connected tunnels. The bottom one is the NON-WORKING one.

    Attached firewall rules.

    ![Firewall Rules.JPG](/public/imported_attachments/1/Firewall Rules.JPG)



  • By your screenshots, you are on version 2.3.2?



  • I was actually able to get the issues resolved. Turns out, for some odd reason, when I used Chrome it was saving the network settings, but not really saving them. I used Firefox, and as soon as I re-saved the info, the tunnel came up and traffic was flowing.