Netgate Discussion Forum

    IPSEC tunnel up but packets not flowing (ipsec interface seems to need route)

      jantypas

      Hello all – a previous Mikrotik user here who's trying pfSense 2.3.2 release p1 here.  The standard material works -- NAT routing out to the Internet from a NATed v4 LAN, DHCP server etc.  I then tried to set up an IPSEC road warrior tunnel.  Though I've attached my config, here's the high-level:

      • Firewall automatic outbound NAT
      • LAN 10.0.0.0/16 pfSense box is 10.0.0.5
      • IPSEC virtual IPs 10.1.5.0/24

      The tunnel comes up.  If I attempt to ping from the pfSense shell to 10.1.5.1, it fails. 
      If I then attempt ping -S 10.0.0.5 10.1.5.1 it succeeds.

      In Mikrotik, IPSEC tunnels were represented as virtual interfaces ipsec0, ipsec1....  So, routing by interface became route -net 10.1.5.0/24 via ipsec0.
      How do I tell the pfSense box to route all 10.1.5.x/24 traffic down a tunnel -- I know it's SUPPOSED to be automatic but....
      Obviously, right now, it doesn't even route from 10.1.5.1 to anything....

      config-pfSense.txt

        KDog

        Have you enabled traffic to flow in the firewall rules? There is a separate FW rules section for IPSec channels.

        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.