Routing issue with IPSec Site to Site tunnel

TomS

Hi there,

I have a strange phenomenon on my pfSense box:
I am working in a company with several branch offices. Two of the offices are connected with one another using a site to site IPSec VPN tunnel. (The tunnel is established between a pfSense box and a Sophos UTM device.) Basically, routing is working fine - at least when using the automatically generated (hidden) routes into the two office networks. Hosts on both networks can see each other.
Now I want to define a host in the remote network as default gateway for traffic coming from a specific interface.
That means:
Traffic from net1, net2, net3 and net4 should use 192.168.123.1 as default route into the Internet (this IP address can be reached via net6).
Traffic coming from net5 should use 172.10.10.1 as default gateway, which is on the remote network and can be reached over the IPSec site-to-site tunnel whose local endpoint is also the net6 network interface.

Unfortunately, this does not work as expected and I don't even know, why…
I assume that's some pfSense configuration issue.

What I don't understand in particular:
ping 172.10.10.1 works when issuing on a host in the local subnet. (As mentioned, 172.10.10.1 is a host on the remote network.)
But when issuing the same command on the pfSense, I do not get a response.
Does anyone have a clue why?

Your thoughts are highly appreciated!

Best regards,
TomS