Netgate Discussion Forum

    Connections from site 1 to site 2 only work partly

    IPsec
    3 Posts 2 Posters 816 Views
    • yamahabest

      I am facing a strange issue.
      Let's first start with the setup. I have attached a drawing of the network layout.

      Settings on PFSENSE-01:

      • Only one interface: WAN
      • System/Advanced/Firewall & NAT: Disable Firewall enabled
      • Interfaces/WAN/IPv4 Upstream gateway: 172.16.1.254
      • VPN/IPsec/Tunnels/Phase 1:
        -- Key Exchange version: IKEv1
        -- Interface: WAN
        -- Remote Gateway: 88.159.22.123
        -- My identifier: My IP address
        -- Peer identifier: IP address: 172.26.1.13
        -- Responder Only: Enabled (Since this one can’t initiate the connection)
      • VPN/IPsec/Tunnels/Phase 2:
        -- Mode: Tunnel IPv4
        -- Local Network: Network: 172.16.0.0/13
        -- Remote Network: Network: 172.24.0.0/13

      Settings on PFSENSE-02:

      • Only one interface: WAN
      • System/Advanced/Firewall & NAT: Disable Firewall enabled
      • Interfaces/WAN/IPv4 Upstream gateway: 172.26.1.254
      • VPN/IPsec/Tunnels/Phase 1:
        -- Key Exchange version: IKEv1
        -- Interface: WAN
        -- Remote Gateway: vpn.hostname.com
        -- My identifier: My IP address
        -- Peer identifier: IP address: 172.23.1.4
        -- Responder Only: Disabled (This one has to initiate the connection)
      • VPN/IPsec/Tunnels/Phase 2:
        -- Mode: Tunnel IPv4
        -- Local Network: Network: 172.24.0.0/13
        -- Remote Network: Network: 172.16.0.0/13

      On both routers I have added a static route:

      • ROUTER-01: Destination 172.24.0.0/13 to 172.23.1.4
      • ROUTER-02: Destination 172.16.0.0/13 to 172.26.1.13

      The tunnel comes up, and I am able to ping both ways, e.g. I can ping 172.26.1.254/172.26.1.12/172.26.1.254 from 172.23.1.4/172.18.1.8, and 172.23.1.4/172.18.1.8/172.16.1.254 from 172.26.1.13/172.26.1.12.
      I can also ssh, for example, from 172.26.1.12 to 172.18.1.8/172.23.1.4/172.16.1.254.

      However, I cannot ssh from 172.18.1.8 to 172.26.1.12.
      But I can ssh from 172.18.1.8 to 172.26.1.13 and 172.26.1.254.

      Even from the pfsense box (172.23.1.4) I am not able to ssh to 172.26.1.12.

      I have verified that ssh is working on 172.26.1.12, and I have also tried to browse and RDP to other machines (besides 172.26.1.254 and 172.26.1.13), which is also not working.

      What could be causing these problems?
      [Attachment: Drawing1.png (network layout drawing)]

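The post lists two mirrored Phase 2 selectors and one static route per site router, and reports that ping works in both directions while SSH to some hosts does not. A first check a practitioner would make before looking at the hosts is whether the selectors and static routes, exactly as posted, actually cover the failing flow in both directions. The script below is an added example written for this thread; it is not code from the original post or from pfSense. It encodes the posted selectors and routes verbatim and reports, per flow, whether each direction matches a Phase 2 selector and has a static route to the right pfSense box. The `Site` record, `site_of` and `check_flow` are the example's own constructs, and the flows fed in at the bottom are constructed from addresses named in the post.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Site:
    router: str                      # site router that holds the static route
    local: ipaddress.IPv4Network     # Phase 2 "Local Network"
    remote: ipaddress.IPv4Network    # Phase 2 "Remote Network"
    static_routes: tuple             # (destination network, next hop) on the site router


# Phase 2 selectors and static routes exactly as listed in the post.
SITES = {
    "PFSENSE-01": Site(
        router="ROUTER-01",
        local=ipaddress.ip_network("172.16.0.0/13"),
        remote=ipaddress.ip_network("172.24.0.0/13"),
        static_routes=((ipaddress.ip_network("172.24.0.0/13"), "172.23.1.4"),),
    ),
    "PFSENSE-02": Site(
        router="ROUTER-02",
        local=ipaddress.ip_network("172.24.0.0/13"),
        remote=ipaddress.ip_network("172.16.0.0/13"),
        static_routes=((ipaddress.ip_network("172.16.0.0/13"), "172.26.1.13"),),
    ),
}


def selectors_mirrored(a: Site, b: Site) -> bool:
    """Each side's Phase 2 must be the exact mirror image of the other's."""
    return a.local == b.remote and a.remote == b.local


def site_of(addr: ipaddress.IPv4Address):
    """Name of the site whose Phase 2 local selector contains addr, or None."""
    for name, site in SITES.items():
        if addr in site.local:
            return name
    return None


def next_hop(site: Site, dst: ipaddress.IPv4Address):
    """Longest-prefix match over the site router's static routes; None if nothing matches."""
    matches = [(net, nh) for net, nh in site.static_routes if dst in net]
    if not matches:
        return None
    return max(matches, key=lambda m: m[0].prefixlen)[1]


def check_flow(src: str, dst: str) -> dict:
    """Report whether a src->dst flow is covered by selectors and routes in both directions."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    s_site, d_site = site_of(s), site_of(d)
    if s_site is None or d_site is None or s_site == d_site:
        return {"ok": False, "reason": "endpoints are not in two different sites' local selectors"}
    fwd, ret = SITES[s_site], SITES[d_site]
    report = {
        # the outbound packet must match the sending site's selector (local -> remote)
        "forward_selector": s in fwd.local and d in fwd.remote,
        # the reply must match the far side's selector in its own orientation
        "return_selector": d in ret.local and s in ret.remote,
        # each site router must hand the packet to its own pfSense box
        "forward_route": next_hop(fwd, d),
        "return_route": next_hop(ret, s),
    }
    report["ok"] = all([
        report["forward_selector"],
        report["return_selector"],
        report["forward_route"] is not None,
        report["return_route"] is not None,
    ])
    return report


if __name__ == "__main__":
    print("selectors mirrored:", selectors_mirrored(SITES["PFSENSE-01"], SITES["PFSENSE-02"]))
    # Constructed flows: the failing SSH pairs from the post, plus one address
    # deliberately outside both /13 selectors to show a negative result.
    for src, dst in [("172.18.1.8", "172.26.1.12"),
                     ("172.23.1.4", "172.26.1.12"),
                     ("172.18.1.8", "172.32.0.1")]:
        print(src, "->", dst, check_flow(src, dst))
```

For the pairs named in the post the report comes back fully covered in both directions, with ROUTER-01 pointing at 172.23.1.4 and ROUTER-02 at 172.26.1.13; only the constructed 172.32.0.1 address falls outside the selectors. That rules out the posted selector and static-route definitions as the reason one host on the same /13 is reachable and another is not, and points the investigation at the end hosts and the path between them rather than at the tunnel definition.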
      • ZPrime

        local firewalls on those machines not allowing traffic outside their home/LAN subnet?

        • yamahabest

          I have just checked, and there are no firewalls enabled on those machines.

          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.