PfSense instances communicating with each other when IPsec tunnel is in place
-
Greetings,
I have "2.4.0-BETA (amd64) built on Sat Aug 12 09:57:36 CDT 2017" installed on 3 pfSense boxes that are connected to each other with IPsec tunnels. I am having trouble communicating directly between the boxes, but not between the LAN side for the internal networks on the inside of the firewalls. I have followed the instructions here:
https://doc.pfsense.org/index.php/Why_can't_I_query_SNMP,_use_syslog,_NTP,_or_other_services_initiated_by_the_firewall_itself_over_IPsec_VPN
but with those changes in place, when I try to ping from one LAN to another I get:
PING 10.0.171.1 (10.0.171.1): 56 data bytes
36 bytes from pfsense.home.ncbt.org (172.23.23.1): Redirect Host(New addr: 172.23.23.1)
Vr HL TOS  Len   ID Flg  off TTL Pro  cks      Src      Dst
 4  5  00 0054 2017   0 0000  40  01 e207 172.23.23.114  10.0.171.1
and pinging one router from another doesn't work at all.
What's the recommended method in 2.4 and following for connecting two LANs with IPsec but still allowing the pfSense boxes to talk to each other?
-
The ICMP redirect is normal when you have the extra gateway defined like that doc describes. That same setup works fine on 2.4 here.
How are you pinging from one firewall to another?
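A practical check for the "how are you pinging" question above, as an added example that is not part of either post: traffic the firewall originates only enters the IPsec tunnel when its source address falls inside the Phase 2 local network, so a ping from pfSense itself should be sent from the LAN address (FreeBSD `ping -S`, the same thing Diagnostics > Ping does with a source address selected). The helper below validates the source against the Phase 2 network before sending and prints the kernel's route lookup for the target so the static route from the linked doc can be confirmed. The addresses (172.23.23.0/24, 172.23.23.1, 10.0.171.1) are taken from the output quoted in the question; `route -n get` and `ping -S` are FreeBSD/pfSense commands.

```shell
#!/bin/sh
# Added example for the thread above, not code from the original posts.
# Assumes pfSense/FreeBSD: `ping -S` sets the source address and
# `route -n get` shows which route/gateway the kernel would use.

ip2int() {
  # dotted quad -> 32-bit integer (pure shell, no external tools)
  old_ifs=$IFS
  IFS=.
  set -- $1
  IFS=$old_ifs
  echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

in_subnet() {
  # in_subnet ADDR CIDR -> exit status 0 when ADDR is inside CIDR
  addr=$(ip2int "$1")
  net=$(ip2int "${2%/*}")
  bits=${2#*/}
  mask=$(( (0xFFFFFFFF << (32 - bits)) & 0xFFFFFFFF ))
  [ $(( addr & mask )) -eq $(( net & mask )) ]
}

ipsec_ping() {
  # ipsec_ping SRC_LAN_IP LOCAL_P2_CIDR REMOTE_HOST
  # Refuse a source outside the Phase 2 local network: such packets never
  # match the IPsec SPD and leave via the default route (WAN) instead.
  if ! in_subnet "$1" "$2"; then
    echo "source $1 is not inside Phase 2 local network $2" >&2
    return 2
  fi
  echo "kernel route lookup for $3:"
  route -n get "$3"
  # Send from the LAN address so the packet is matched by the P2 policy.
  ping -S "$1" -c 3 "$3"
}

# Usage (values constructed from the question's output):
#   ipsec_ping 172.23.23.1 172.23.23.0/24 10.0.171.1
if [ "$#" -eq 3 ]; then
  ipsec_ping "$@"
fi
```

If `route -n get` reports the remote LAN via the default gateway rather than the LAN-side gateway from the doc, the static route is missing or on the wrong interface; if the route is right but the ping still fails, check that the Phase 2 local/remote networks cover the source and target addresses being used.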