IPsec VPN between WatchGuard M300 and pfSense 2.3.4



  • I have an IPsec tunnel set up between a WatchGuard M300 and a pfSense version 2.3.4.

    My LAN site A: 10.0.0.0/20
    VLAN site A for the Wifi network: 192.168.8.0/26

    LAN site B: 192.168.3.0/24

    The IPsec tunnel works very well between 10.0.0.0/20 and 192.168.3.0/24.
    I tried to add an extra route in the existing IPsec tunnel from 192.168.8.0/26 to 192.168.3.0/24; it does not work. On the site B side (pfSense version 2.3.4) I added

    Site A (WatchGuard M300)

    I feel that the routes are good, and when I run a VPN IPsec diagnostic test:

    Tunnel Name: ovh
          tunnel route # 1 (192.168.8.0/26 <-> 192.168.3.0/24) - Not established
        Unable to find any active Phase 2 Security Associations (SAs) for tunnel route (192.168.8.0/26<-> 192.268.3.0/24).
        Recommendation: Confirmation that is currently being sent through the tunnel.
          Tunnel Road # 2 (10.0.0.0/20 <-> 192.168.3.0/24) - Established
        Incoming VPN traffic was detected for this tunnel after the diagnostic report started.
        Outgoing VPN traffic was detected for this tunnel after the diagnostic report started.
        The firewall policy "BOVPN-Allow.out-00" is matched for the outgoing traffic.
        The firewall policy "BOVPN-Allow.in-00" is matched for the incoming traffic.

    We note that the network 10.0.0.0/20 manages to reach the network 192.168.3.0/24.
    On the other hand, the network 192.168.8.0/26 cannot reach the network 192.168.3.0/24.

    Site B (pfSense version 2.3.4)

    I have the impression that the pfSense router does not know the route 192.168.8.0/26.
    When I go to "Diagnostics > Routes",
    I do not see any routes to 192.168.8.0/26, but logically, since site A knows all the routes, it should know it, no?

    Do you have any idea?

    Best regards