PFSense IPsec to Sonicwall - SMB working, DNS/PING not working



  • 192.168.16.0 >< 16.1 pfsense < internet > sonicwall 44.1 >< 192.168.44.0

    Can browse shared folders over VPN just fine, cannot ping across from 44 to 16 subnets.
    pfSense can ping 192.168.16.x, cannot ping 192.168.44.1

    On the PFSENSE:
    I noticed in System>General Setup, the DNS servers are all configured to public servers, eg: 8.8.8.8, 8.8.4.4
    I see that DNS Forwarder is not enabled (unchecked)
    I see that DNS Resolver is enabled (checked) and configured to listen on 53, on ALL network interfaces, sending out of ALL network interfaces. Set to Transparent with Enable DNSSEC Support checked. Nothing else is configured here, but I believe this may play a part in the issue.
    Nothing is configured in Outbound NAT
    Access rules: I added specific rules to allow traffic on all ports between each network, on the IPsec interface.

    Any advice to get DNS working between them?



  • I did just find this...

    ![blocked pings.JPG](/public/imported_attachments/1/blocked pings.JPG)


  • Netgate

    You need to pass traffic you want to pass INTO an IPsec node (as in connections from the other side) on the Firewall > Rules, IPsec tab.

    Make sure what you have there isn't set to TCP only. (DNS is usually UDP and ping is ICMP.)



  • Thanks for the reply!

    This is what I have in there right now, to no avail:

    ![access rules.JPG](/public/imported_attachments/1/access rules.JPG)


  • Galactic Empire

    You'll either need to add a rule for ICMP or change the top protocol to any if you want pings to work, as per Derelict's post.

    Status -> System Logs -> Firewall -> Normal View; if you click on the +, it will add a rule if you're not sure.
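As an added illustration of the point made in the two replies above (not code from pfSense or from anyone in this thread): a small Python model of top-down, first-match rule evaluation with default deny, showing why a TCP-only pass rule on the IPsec tab lets SMB through while UDP DNS and ICMP ping are dropped. The /24 masks, the host addresses and the simplified matching semantics are assumptions.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

# Constructed model approximating pfSense "Firewall > Rules" semantics:
# rules on an interface tab are evaluated top-down, the first match wins,
# and traffic that matches no pass rule falls to the default deny.
@dataclass(frozen=True)
class Rule:
    action: str                  # "pass" or "block"
    proto: str                   # "tcp", "udp", "icmp" or "any"
    src: str                     # CIDR, e.g. "192.168.44.0/24"
    dst: str
    dport: Optional[int] = None  # None = any port (not used for icmp)

@dataclass(frozen=True)
class Packet:
    proto: str
    src: str
    dst: str
    dport: Optional[int] = None

def matches(rule: Rule, pkt: Packet) -> bool:
    if rule.proto != "any" and rule.proto != pkt.proto:
        return False
    if ip_address(pkt.src) not in ip_network(rule.src):
        return False
    if ip_address(pkt.dst) not in ip_network(rule.dst):
        return False
    if rule.dport is not None and pkt.proto != "icmp" and rule.dport != pkt.dport:
        return False
    return True

def evaluate(rules, pkt: Packet) -> str:
    for r in rules:
        if matches(r, pkt):
            return r.action
    return "block"  # default deny when nothing matched

# Constructed traffic from the SonicWall side arriving on the IPsec tab:
# SMB over TCP 445, DNS over UDP 53, ping over ICMP (assumed /24 networks).
SMB = Packet("tcp", "192.168.44.10", "192.168.16.20", 445)
DNS = Packet("udp", "192.168.44.10", "192.168.16.1", 53)
PING = Packet("icmp", "192.168.44.10", "192.168.16.1")
# Rule set as posted: a single TCP-only pass rule.
TCP_ONLY = [Rule("pass", "tcp", "192.168.44.0/24", "192.168.16.0/24")]
# Suggested fix: protocol "any" (a separate ICMP/UDP rule would do as well).
ANY_PROTO = [Rule("pass", "any", "192.168.44.0/24", "192.168.16.0/24")]

def summarize(rules) -> dict:
    return {n: evaluate(rules, p) for n, p in (("smb", SMB), ("dns", DNS), ("ping", PING))}
```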