4. Connections from site 1 to site 2 only work partly

Connections from site 1 to site 2 only work partly

  • Y

    I am facing a strange issue.
    Let's first start with the setup. I have attached a drawing of the network layout.

    Settings on PFSENSE-01:

    • Only one interface: WAN
    • System/Advanced/Firewall & NAT: Disable Firewall enabled
    • Interfaces/WAN/IPv4 Upstream gateway: 172.16.1.254
    • VPN/IPsec/Tunnels/Phase 1:
      – Key Exchange version: IKEv1
      -- Interface: WAN
      -- Remote Gateway: 88.159.22.123
      -- My identifier: My IP address
      -- Peer identifier: IP address: 172.26.1.13
      -- Responder Only: Enabled (Since this one can’t initiate the connection)
    • VPN/IPsec/Tunnels/Phase 2:
      -- Mode: Tunnel IPv4
      -- Local Network: Network: 172.16.0.0/13
      -- Remote Network: Network: 172.24.0.0/13

    Settings on PFSENSE-02:

    • Only one interface: WAN
    • System/Advanced/Firewall & NAT: Disable Firewall enabled
    • Interfaces/WAN/IPv4 Upstream gateway: 172.26.1.254
    • VPN/IPsec/Tunnels/Phase 1:
      -- Key Exchange version: IKEv1
      -- Interface: WAN
      -- Remote Gateway: vpn.hostname.com
      -- My identifier: My IP address
      -- Peer identifier: IP address: 172.23.1.4
      -- Responder Only: Disabled (This one has to initiate the connection)
    • VPN/IPsec/Tunnels/Phase 2:
      -- Mode: Tunnel IPv4
      -- Local Network: Network: 172.24.0.0/13
      -- Remote Network: Network: 172.16.0.0/13

    On both routers I have added a static route:

    • ROUTER-01: Destination 172.24.0.0/13 to 172.23.1.4
    • ROUTER-02: Destination 172.16.0.0/13 to 172.26.1.13

    The tunnel comes up, and I am able to ping in both ways, e.g. I can ping the 172.26.1.254/172.26.1.12/172.26.1.254 from 172.23.1.4/172.18.1.8, and 172.23.1.4/172.18.1.8/172.16.1.254 from 172.26.1.13/172.26.1.12.
    I can also ssh, for example, from 172.26.1.12 to 172.18.1.8/172.23.1.4/172.16.1.254.

    However, I can not ssh from 172.18.1.8 to 172.26.1.12.
    But I can ssh from 172.18.1.8 to 172.26.1.13 and 172.26.1.254.

    Even from the pfsense box (172.23.1.4) I am not able to ssh to 172.26.1.12.

    I have verified that ssh is working on the 172.26.1.12, and I have also tried to browse and RDP to other machines (beside the 172.26.1.254 and 172.26.1.13), which is also not working.

    What could be causing these problems?

    0
  • Z

    local firewalls on those machines not allowing traffic outside their home/LAN subnet?

    0
  • Y

    I have just checked, and there are no firewalls enabled on those machines.

    0
Log in to reply
 

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2019 Rubicon Communications, LLC | Privacy Policy