Site-to-site VPN: the pfSense behind NAT only works as responder

  • Hi,
    I have set up a few offices with pfSense and others such as WatchGuard and Azure.
    Most of them have public IP addresses, but one pfSense is behind NAT; I forward ports 500 and 4500 from the router to the pfSense
    and have configured all the site-to-site VPNs. They are all working well and can ping each other; all PCs in each LAN can ping PCs in the other LANs.

    But there is a really strange issue:
    in my office, the pfSense is behind NAT, and the S2S VPN only works when the pfSense acts as responder. If I click "connect" from my pfSense, it shows as initiator, stays in "connecting" and never gets past phase 1.

    So I have to wait for the other side to try to contact me. Really strange; any help, please?
