Site-to-site VPN: the pfSense behind NAT only works as responder
I have set up a few offices with pfSense and others like WatchGuard and Azure.
Most of them have public IP addresses, but one pfSense is behind NAT; I forward ports 500 and 4500 from the router to the pfSense
and configured all the site-to-site VPNs. They are all working well and can ping each other; all PCs in each LAN can ping PCs in the other LANs.
But there is a really strange issue.
In my office, the pfSense is behind NAT, and the S2S VPN only works when the pfSense acts as responder. If I click "connect" from my pfSense, it shows as initiator, stays in "connecting" and never gets past phase 1.
So I have to wait for the other side to try to contact me. Really strange, any help please?