IPSEC tunnel up but packets not flowing (ipsec interface seems to need route)
-
Hello all – a previous Mikrotik user here who's trying pfSense 2.3.2 release p1. The standard material works -- NAT routing out to the Internet from a NATed v4 LAN, DHCP server etc. I then tried to set up an IPSEC road warrior tunnel. Though I've attached my config, here's the high-level:
- Firewall automatic outbound NAT
- LAN 10.0.0.0/16, pfSense box is 10.0.0.5
- IPSEC virtual IPs 10.1.5.0/24
The tunnel comes up. If I attempt to ping from the pfSense shell to 10.1.5.1, it fails.
If I then attempt ping -S 10.0.0.5 10.1.5.1 it succeeds.
In Mikrotik, IPSEC tunnels were represented as virtual interfaces ipsec0, ipsec1.... So, routing by interface became route -net 10.1.5.0/24 via ipsec0.
How do I tell the pfSense box to route all 10.1.5.x/24 traffic down a tunnel -- I know it's SUPPOSED to be automatic but....
Obviously, right now, it doesn't even route from 10.1.5.1 to anything....
-
Have you enabled traffic to flow in the firewall rules? There is a separate FW rules section for IPSec channels.