Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    IPSec Site to Site VPN established but no traffic

    Scheduled Pinned Locked Moved IPsec
    3 Posts 3 Posters 2.2k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • T
      thr001
      last edited by

      Hi, a new pfSense user here.

      Our company just switched to a new router with pfSense 2.3.2-RELEASE-p1.  We need to establish a IPsec site to site vpn connection to one of our vendors.  I'm able to establish a connection just fine but unable to pass traffic through it.  Here are the circumstance:

      Our network:
      External Gateway: 71.41.xxx.50
      Internal Network: 192.168.xxx.0/24

      Vendor network:
      Remote Gateway: 72.5.xxx.xx
      Remote Network: 100.64.xx.0/24

      The vendor indicated that they have assigned us a dedicated IP address that we'll need to Source Nat any traffic initiated from our network:
      Source Nat IP: 100.64.xxx.x

      In my phase 2 information for the IPsec setup I have the following:

      Local Network - LAN subnet
      NAT/BINAT translation - Address - 100.64.xxx.x
      Remote Network - Network - 100.64.xx.0/24

      I am able to establish a connection just fine but can't pass any traffic through the network for some reason.  The firewall IPsec rule is in place to allow all traffic through the tunnel. The SPD status for IPsec shows the source and destination for the inbound as the remote network and NAT translation address respective.  The outbound shows Source/Destination as Our Subnet/Remote Network. (Please see attached pictures).

      Is it an issue since all of the outbound traffic should be from our network to 100.64.xxx.x address and the inbound should be from the remote network 100.64.xx.0/24 to our subnet?

      We've had this connection setup and working on our older linksys router with no issues, but of course the setting was simplistic and much less secure i'm sure.

      Thank you!
      ![IPSEC Tunnel.png](/public/imported_attachments/1/IPSEC Tunnel.png)
      ![IPSEC Tunnel.png_thumb](/public/imported_attachments/1/IPSEC Tunnel.png_thumb)
      SPD.png
      SPD.png_thumb
      ![IPSec Phase 2 Setup.png](/public/imported_attachments/1/IPSec Phase 2 Setup.png)
      ![IPSec Phase 2 Setup.png_thumb](/public/imported_attachments/1/IPSec Phase 2 Setup.png_thumb)
      ![IPSec Status.png](/public/imported_attachments/1/IPSec Status.png)
      ![IPSec Status.png_thumb](/public/imported_attachments/1/IPSec Status.png_thumb)
      ![IPsec Firewall rule.png](/public/imported_attachments/1/IPsec Firewall rule.png)
      ![IPsec Firewall rule.png_thumb](/public/imported_attachments/1/IPsec Firewall rule.png_thumb)

      1 Reply Last reply Reply Quote 0
      • DerelictD
        Derelict LAYER 8 Netgate
        last edited by

        That all looks fine. What firewall rules are on LAN? Are you policy routing anything?

        Look in the IPsec logs. Is it trying to bring up the Phase 2? If so, why is it failing?

        Chattanooga, Tennessee, USA
        A comprehensive network diagram is worth 10,000 words and 15 conference calls.
        DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
        Do Not Chat For Help! NO_WAN_EGRESS(TM)

        1 Reply Last reply Reply Quote 0
        • T
          terry_roman
          last edited by

          I have Same problem, with same config. there is connection but no traffic. Is there anybody who solved this problem?

          1 Reply Last reply Reply Quote 0
          • First post
            Last post
          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.