IPSec Site to Site VPN established but no traffic



  • Hi, a new pfSense user here.

    Our company just switched to a new router with pfSense 2.3.2-RELEASE-p1.  We need to establish an IPsec site-to-site VPN connection to one of our vendors.  I'm able to establish a connection just fine but unable to pass traffic through it.  Here are the circumstances:

    Our network:
    External Gateway: 71.41.xxx.50
    Internal Network: 192.168.xxx.0/24

    Vendor network:
    Remote Gateway: 72.5.xxx.xx
    Remote Network: 100.64.xx.0/24

    The vendor indicated that they have assigned us a dedicated IP address that we'll need to Source Nat any traffic initiated from our network:
    Source Nat IP: 100.64.xxx.x

    In my phase 2 information for the IPsec setup I have the following:

    Local Network - LAN subnet
    NAT/BINAT translation - Address - 100.64.xxx.x
    Remote Network - Network - 100.64.xx.0/24

    I am able to establish a connection just fine but can't pass any traffic through the network for some reason.  The firewall IPsec rule is in place to allow all traffic through the tunnel. The SPD status for IPsec shows the source and destination for the inbound as the remote network and the NAT translation address, respectively.  The outbound shows Source/Destination as Our Subnet/Remote Network (please see the attached pictures).

    Is it an issue since all of the outbound traffic should be from our network to 100.64.xxx.x address and the inbound should be from the remote network 100.64.xx.0/24 to our subnet?

    We've had this connection set up and working on our older Linksys router with no issues, but of course the setting was simplistic and much less secure, I'm sure.

    Thank you!
    ![IPSEC Tunnel.png](/public/imported_attachments/1/IPSEC Tunnel.png)
    ![IPSec Phase 2 Setup.png](/public/imported_attachments/1/IPSec Phase 2 Setup.png)
    ![IPSec Status.png](/public/imported_attachments/1/IPSec Status.png)
    ![IPsec Firewall rule.png](/public/imported_attachments/1/IPsec Firewall rule.png)
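
The asymmetry the post describes (inbound policy naming the NAT translation address, outbound policy naming the real LAN subnet) can be checked mechanically rather than by eye. The following is an added example, not code from the post or from pfSense: it parses a constructed, `setkey -DP`-style SPD dump (assumed layout, placeholder addresses) and reports which direction/address pairings the policies actually cover, so the result can be compared against what the vendor says the tunnel must carry.

```python
"""Cross-check an IPsec SPD against the flows a BINAT phase 2 must carry.
Constructed example, not from the post or from pfSense: the SPD text is a
hand-written approximation of `setkey -DP` output mirroring what the poster
describes. All addresses are placeholders."""
import ipaddress
import re

# Constructed SPD dump in a setkey-like layout (assumed shape, see lead-in).
SAMPLE_SPD = """\
100.64.20.0/24[any] 100.64.30.7/32[any] any
    in ipsec
    esp/tunnel/72.5.0.1-71.41.0.50/require
192.168.10.0/24[any] 100.64.20.0/24[any] any
    out ipsec
    esp/tunnel/71.41.0.50-72.5.0.1/require
"""
POLICY_RE = re.compile(r"^(\S+)\[\S+\]\s+(\S+)\[\S+\]\s+\S+$")


def parse_spd(text):
    """Return (direction, src_network, dst_network) tuples from an SPD dump."""
    policies, pending = [], None
    for line in text.splitlines():
        m = POLICY_RE.match(line)
        if m:  # selector line: hold it until its direction line arrives
            pending = (ipaddress.ip_network(m.group(1), strict=False),
                       ipaddress.ip_network(m.group(2), strict=False))
            continue
        direction = line.strip().split(" ")[0]
        if pending and direction in ("in", "out"):
            policies.append((direction, pending[0], pending[1]))
            pending = None
    return policies


def matching_policy(policies, direction, src, dst):
    """First policy whose selectors cover src->dst in that direction, or None."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for d, s_net, d_net in policies:
        if d == direction and src in s_net and dst in d_net:
            return (d, str(s_net), str(d_net))
    return None


def coverage_report(policies, lan_host, nat_ip, remote_host):
    """Check each direction/address pairing the poster is unsure about."""
    def covered(d, s, t):
        return matching_policy(policies, d, s, t) is not None
    return {"out_lan_to_remote": covered("out", lan_host, remote_host),
            "out_nat_to_remote": covered("out", nat_ip, remote_host),
            "in_remote_to_nat": covered("in", remote_host, nat_ip),
            "in_remote_to_lan": covered("in", remote_host, lan_host)}
```

Run `coverage_report(parse_spd(SAMPLE_SPD), "<lan host>", "<nat ip>", "<remote host>")` with your own addresses; a flow the vendor expects but that comes back `False` is the pairing to look at first.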


  • LAYER 8 Netgate

    That all looks fine. What firewall rules are on LAN? Are you policy routing anything?

    Look in the IPsec logs. Is it trying to bring up the Phase 2? If so, why is it failing?



  • I have the same problem, with the same config. There is a connection but no traffic. Is there anybody who solved this problem?

