Netgate Discussion Forum
    2 Tunnels up, only one passing traffic

    IPsec

    Injector22:

      I have 3 sites running pfSense CE (Virtualized)

      Site 10 - Hub - 10.10.10.0/24
      Site 20 - Spoke - 10.10.20.0/24
      Site 30 - Spoke - 10.10.30.0/24

      Site 10 has active tunnels with both 20 and 30. Sites 20 and 10 have perfect connectivity with no issues; sites 10 and 30, however, do not. From site 30 I can access the webConfigurator of site 10 but nothing else; site 10 has no access to 30 at all.

      I have been trying to get this to work for a few days but I'm getting nowhere so it's time to ask for help.

      Phase 1 and 2 are both up

      SPD shows the correct subnets

      WAN FW rules allow any to any from the sites' respective IPs

      IPSec Rules allow any to any

      Injector22:

        Fixed. While doing a trace I realized that when a packet would leave a VM in site 10 it wouldn't make it past the core switch, which does inter-VLAN routing. I went digging into it and found out that when I was setting up the VM for site 30, interface vlan 1 on the switch received an IP from the pfSense LAN interface DHCP. So the core switch thought that 10.10.30.0/24 was directly connected to VLAN1 instead of following the standard routing table.
        After flushing the IP on int vlan 1 everything started to work as expected.

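The failure mode in the fix above is a plain route-selection problem: a Layer 3 switch installs a connected route for every address its SVIs hold, and a connected route (administrative distance 0) beats a static route (distance 1) for the same prefix. The following is an added example, not code from the thread or from Netgate, that models a hub core switch's routing table with longest-prefix match plus administrative distance, shows the stray DHCP lease on Vlan1 hijacking 10.10.30.0/24, and includes a check that flags any interface whose subnet overlaps a subnet that should only be reachable through the VPN. All addresses, interface names and distance values are constructed assumptions (the switch address 10.10.10.2, the pfSense LAN gateway 10.10.10.1, and the leased address 10.10.30.50 do not appear in the post).

```python
"""Longest-prefix route lookup with administrative distance, illustrating how a
stray DHCP-assigned SVI address makes a core switch treat a remote IPsec subnet
as directly connected.

Added example; addresses and distances are constructed, not taken from the thread.
Distances follow the common convention: connected = 0, static = 1.
"""
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Route:
    prefix: ipaddress.IPv4Network
    next_hop: str   # "connected" or the gateway address
    via: str        # outgoing interface name
    distance: int   # administrative distance; lower is preferred


# Constructed static routes on the hub site's core switch: spokes and the
# default route all point at the hub pfSense LAN address (assumed 10.10.10.1).
STATIC_ROUTES = [
    Route(ipaddress.ip_network("10.10.20.0/24"), "10.10.10.1", "Vlan10", 1),
    Route(ipaddress.ip_network("10.10.30.0/24"), "10.10.10.1", "Vlan10", 1),
    Route(ipaddress.ip_network("0.0.0.0/0"), "10.10.10.1", "Vlan10", 1),
]

# Subnets that must only be reached through the IPsec tunnels.
REMOTE_VPN_SUBNETS = [
    ipaddress.ip_network("10.10.20.0/24"),
    ipaddress.ip_network("10.10.30.0/24"),
]

# Interface address sets: healthy, and after Vlan1 picked up a DHCP lease
# from the site 30 pfSense VM's LAN interface (constructed lease address).
HEALTHY_INTERFACES = {"Vlan10": "10.10.10.2/24"}
STRAY_LEASE_INTERFACES = {"Vlan10": "10.10.10.2/24", "Vlan1": "10.10.30.50/24"}


def connected_routes(interfaces):
    """Derive the connected routes a switch installs for its own addresses."""
    return [
        Route(ipaddress.ip_interface(addr).network, "connected", name, 0)
        for name, addr in interfaces.items()
    ]


def build_table(interfaces):
    """Full routing table: connected routes plus the configured static routes."""
    return connected_routes(interfaces) + STATIC_ROUTES


def lookup(routes, dst):
    """Best route for dst: longest prefix first, then lowest administrative
    distance. Returns None when nothing matches."""
    dst = ipaddress.ip_address(dst)
    matches = [r for r in routes if dst in r.prefix]
    if not matches:
        return None
    return min(matches, key=lambda r: (-r.prefix.prefixlen, r.distance))


def overlapping_interfaces(interfaces, remote_subnets):
    """Names of interfaces whose own subnet overlaps a VPN-only subnet. Any hit
    means the switch will prefer its connected route over the VPN path."""
    hits = []
    for name, addr in interfaces.items():
        net = ipaddress.ip_interface(addr).network
        if any(net.overlaps(remote) for remote in remote_subnets):
            hits.append(name)
    return hits


if __name__ == "__main__":
    cases = (("healthy", HEALTHY_INTERFACES),
             ("stray DHCP lease on Vlan1", STRAY_LEASE_INTERFACES))
    for label, ifaces in cases:
        route = lookup(build_table(ifaces), "10.10.30.10")
        print(f"{label}: 10.10.30.10 -> {route.next_hop} via {route.via} "
              f"(AD {route.distance})")
        print("  interfaces overlapping VPN subnets:",
              overlapping_interfaces(ifaces, REMOTE_VPN_SUBNETS))
```

With the healthy interface set, traffic for 10.10.30.10 leaves via the hub pfSense and enters the tunnel; once Vlan1 holds 10.10.30.50/24, the connected route wins the tie on prefix length and the switch ARPs for the host locally, which matches the one-way symptom in the thread (site 30 could still reach the hub's webConfigurator because the hub pfSense itself had no such stray route, but replies from hosts behind the switch never made it back). The overlap check is the kind of test worth running against a switch's interface list whenever a VPN subnet is unreachable from only part of a site.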
        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.