Problems with VPN IPSEC rules not working



  • Hi, I have some problems with a site-to-site VPN between a pfSense and a FortiGate.

    The vpn works fine and the tunnel is up and running.

    My local network is 10.12.32.0/24 and the FortiGate LAN is 10.12.26.0/24.

    I created some rules in Firewall / Rules / IPsec:

    Protocol Source Port Destination Port Gateway Queue Schedule Description Actions
    IPv4 TCP 10.12.26.21 * 10.12.32.84 * * none Easy Rule: Passed from Firewall Log View
    IPv4 * * * * * * none
    IPv4 TCP/UDP 10.12.26.0/24 * 10.12.32.0/24 * * none
    IPv4 ICMP any * * * * * none

    I can ping from the 10.12.32.0 local site to the 10.12.26 remote site fine. But I can't access any TCP/UDP connection.
    In the system logs appears like the tcp packets are blocked from the remote site 10.12.26* to the local site 10.12.32.*

    Apr 10 19:12:39 IPsec Default deny rule IPv4 (1000000103)   10.12.26.21   10.12.32.84 TCP:
    Apr 10 19:12:43 IPsec Default deny rule IPv4 (1000000103)   10.12.26.21:389   10.12.32.84:52071 TCP:A

    It appears to be blocked by the default rule.

    Anyone have an idea?



  • My version is the latest one, 2.4.3.



  • I don't think the logs you posted are relevant to your issue, they seem to be discarded packets for expired connections or something else.

    What side are you attempting to connect to and from? I didn't get that clear. The rules on your pfSense local side look fine. If you are trying to connect from the local side to the remote and it fails, it may be a misconfig on the Fortinet side.
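Added example (not posted by anyone in this thread): a small Python script that parses firewall log lines in the format quoted above and separates ACK-only denials, which have no matching state table entry, from SYN denials, which are a genuine block of a new connection by the IPsec rule set. It assumes pfSense's TCP flag letters in the log view (S = SYN, A = ACK, P = PSH, F = FIN, R = RST); the sample log reuses the two quoted entries and adds two constructed ones.

```python
"""Classify pfSense 'Default deny rule' log entries by TCP flags.

Input format (as shown in the firewall log view quoted in the thread):
  <Mon DD HH:MM:SS> <iface> <rule text> (<rule id>) <src[:port]> <dst[:port]> <proto[:flags]>
"""
import re
from collections import Counter
from dataclasses import dataclass
from typing import List, Optional, Tuple

LINE_RE = re.compile(
    r"^(?P<ts>\w{3} \d{1,2} \d{2}:\d{2}:\d{2})\s+"
    r"(?P<iface>\S+)\s+"
    r"(?P<rule>.+?)\s+\((?P<rule_id>\d+)\)\s+"
    r"(?P<src>\S+)\s+(?P<dst>\S+)\s+"
    r"(?P<proto>[A-Z/]+)(?::(?P<flags>[A-Z]*))?\s*$"
)


@dataclass
class DenyEvent:
    timestamp: str
    interface: str
    rule_id: str
    src_ip: str
    src_port: Optional[int]
    dst_ip: str
    dst_port: Optional[int]
    proto: str
    flags: str  # pfSense TCP flag letters such as "S", "A", "PA"; "" when absent


def split_endpoint(endpoint: str) -> Tuple[str, Optional[int]]:
    """IPv4 'ip:port' -> (ip, port); a bare 'ip' -> (ip, None)."""
    if ":" in endpoint:
        ip, port = endpoint.rsplit(":", 1)
        return ip, int(port)
    return endpoint, None


def parse_line(line: str) -> Optional[DenyEvent]:
    """Parse one log view line; returns None for lines in another format."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    src_ip, src_port = split_endpoint(m["src"])
    dst_ip, dst_port = split_endpoint(m["dst"])
    return DenyEvent(m["ts"], m["iface"], m["rule_id"], src_ip, src_port,
                     dst_ip, dst_port, m["proto"], m["flags"] or "")


def classify(ev: DenyEvent) -> str:
    """What the blocked packet most likely represents.

    A SYN without ACK is a new connection attempt: if the default deny logs it,
    no pass rule matched and the rule set really is the problem. A packet
    carrying ACK (A, PA, FA, SA, ...) belongs to an existing conversation; the
    stateful filter only reaches the default deny for it when no state entry
    exists, e.g. the state expired or the reply path differs from the
    request path.
    """
    if ev.proto != "TCP":
        return "non-tcp"
    if "S" in ev.flags and "A" not in ev.flags:
        return "new-connection"
    if "A" in ev.flags:
        return "out-of-state"
    if not ev.flags:
        return "flags-unknown"
    return "other"


def summarize(lines: List[str]) -> Counter:
    """Count (src, dst, dst_port, class) so stale-state noise can be told apart
    from real new-connection blocks."""
    counts: Counter = Counter()
    for line in lines:
        ev = parse_line(line)
        if ev is not None:
            counts[(ev.src_ip, ev.dst_ip, ev.dst_port, classify(ev))] += 1
    return counts


# The first two lines are the ones quoted in the thread; the last two are
# constructed for this example (a SYN denial and a UDP denial).
SAMPLE_LOG = [
    "Apr 10 19:12:39 IPsec Default deny rule IPv4 (1000000103)   10.12.26.21   10.12.32.84 TCP:",
    "Apr 10 19:12:43 IPsec Default deny rule IPv4 (1000000103)   10.12.26.21:389   10.12.32.84:52071 TCP:A",
    "Apr 10 19:13:02 IPsec Default deny rule IPv4 (1000000103)   10.12.26.21:51200   10.12.32.84:443 TCP:S",
    "Apr 10 19:13:05 IPsec Default deny rule IPv4 (1000000103)   10.12.26.21:53412   10.12.32.84:53 UDP",
]

if __name__ == "__main__":
    for (src, dst, port, kind), n in sorted(summarize(SAMPLE_LOG).items()):
        print(f"{src} -> {dst}:{port}  {kind}  x{n}")
```

Running it on the quoted entries shows that the 10.12.26.21:389 -> 10.12.32.84:52071 line is an ACK-only packet, i.e. a server reply for which pfSense no longer held a state, which is consistent with the reply above that those entries are not the rule problem itself; only SYN entries logged against rule 1000000103 would indicate that the IPsec rule set is rejecting new connections.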