Navigation

    Netgate Discussion Forum
    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search

    Connections from site 1 to site 2 only work partly

    IPsec
    2
    3
    509
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • Y
      yamahabest last edited by

      I am facing a strange issue.
      Let's first start with the setup. I have attached a drawing of the network layout.

      Settings on PFSENSE-01:

      • Only one interface: WAN
      • System/Advanced/Firewall & NAT: Disable Firewall enabled
      • Interfaces/WAN/IPv4 Upstream gateway: 172.16.1.254
      • VPN/IPsec/Tunnels/Phase 1:
        – Key Exchange version: IKEv1
        -- Interface: WAN
        -- Remote Gateway: 88.159.22.123
        -- My identifier: My IP address
        -- Peer identifier: IP address: 172.26.1.13
        -- Responder Only: Enabled (Since this one can’t initiate the connection)
      • VPN/IPsec/Tunnels/Phase 2:
        -- Mode: Tunnel IPv4
        -- Local Network: Network: 172.16.0.0/13
        -- Remote Network: Network: 172.24.0.0/13

      Settings on PFSENSE-02:

      • Only one interface: WAN
      • System/Advanced/Firewall & NAT: Disable Firewall enabled
      • Interfaces/WAN/IPv4 Upstream gateway: 172.26.1.254
      • VPN/IPsec/Tunnels/Phase 1:
        -- Key Exchange version: IKEv1
        -- Interface: WAN
        -- Remote Gateway: vpn.hostname.com
        -- My identifier: My IP address
        -- Peer identifier: IP address: 172.23.1.4
        -- Responder Only: Disabled (This one has to initiate the connection)
      • VPN/IPsec/Tunnels/Phase 2:
        -- Mode: Tunnel IPv4
        -- Local Network: Network: 172.24.0.0/13
        -- Remote Network: Network: 172.16.0.0/13

      On both routers I have added a static route:

      • ROUTER-01: Destination 172.24.0.0/13 to 172.23.1.4
      • ROUTER-02: Destination 172.16.0.0/13 to 172.26.1.13

      The tunnel comes up, and I am able to ping in both ways, e.g. I can ping the 172.26.1.254/172.26.1.12/172.26.1.254 from 172.23.1.4/172.18.1.8, and 172.23.1.4/172.18.1.8/172.16.1.254 from 172.26.1.13/172.26.1.12.
      I can also ssh, for example, from 172.26.1.12 to 172.18.1.8/172.23.1.4/172.16.1.254.

      However, I can not ssh from 172.18.1.8 to 172.26.1.12.
      But I can ssh from 172.18.1.8 to 172.26.1.13 and 172.26.1.254.

      Even from the pfsense box (172.23.1.4) I am not able to ssh to 172.26.1.12.

      I have verified that ssh is working on the 172.26.1.12, and I have also tried to browse and RDP to other machines (beside the 172.26.1.254 and 172.26.1.13), which is also not working.

      What could be causing these problems?

      1 Reply Last reply Reply Quote 0
      • Z
        ZPrime last edited by

        local firewalls on those machines not allowing traffic outside their home/LAN subnet?

        1 Reply Last reply Reply Quote 0
        • Y
          yamahabest last edited by

          I have just checked, and there are no firewalls enabled on those machines.

          1 Reply Last reply Reply Quote 0
          • First post
            Last post

          Products

          • Platform Overview
          • TNSR
          • pfSense
          • Appliances

          Services

          • Training
          • Professional Services

          Support

          • Subscription Plans
          • Contact Support
          • Product Lifecycle
          • Documentation

          News

          • Media Coverage
          • Press
          • Events

          Resources

          • Blog
          • FAQ
          • Find a Partner
          • Resource Library
          • Security Information

          Company

          • About Us
          • Careers
          • Partners
          • Contact Us
          • Legal
          Our Mission

          We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

          Subscribe to our Newsletter

          Product information, software announcements, and special offers. See our newsletter archive to sign up for future newsletters and to read past announcements.

          © 2021 Rubicon Communications, LLC | Privacy Policy