pfSense traceroute hop unreachable through IPSEC
-
I'm observing a behavior that I cannot understand. I have the following pretty simple IPSEC setup:
192.168.2.0/24 (P2) === X.X.X.X (P1) … Y.Y.Y.Y (P1) === 172.21.140.0/24 (P2)
The X.X.X.X and Y.Y.Y.Y addresses are both public. Behind them are both private networks 172.21.140.0/24 and 192.168.2.0/24.
Here are a couple of traceroute results from both private networks to IPs belonging to the other private network respectively:
from 172.21.140.101:
traceroute to 192.168.2.166 (192.168.2.166), 30 hops max, 60 byte packets
1 172.21.140.2 (172.21.140.2) 0.468 ms 0.644 ms 0.840 ms
2 * * *
3 192.168.2.166 (192.168.2.166) 3.434 ms 3.484 ms 3.663 ms
from 192.168.2.166:
traceroute to 172.21.140.101 (172.21.140.101), 30 hops max, 60 byte packets
1 192.168.2.2 (192.168.2.2) 0.227 ms 0.209 ms 0.201 ms
2 * * *
3 172.21.140.101 (172.21.140.101) 4.495 ms 4.499 ms 4.494 ms
It can be seen that the remote pfSense's hop is unreachable in both directions. Is this a normal behavior and is there something that can be done setting-wise in order to actually get a result from the remote pfSense's hop?
I apologize if this has been asked and explained before, but I tried searching and most of the questions connected with mine were more complicated than my simple scenario.