Netgate Discussion Forum
    Problems with VPN IPSEC rules not working

      leandro.valim

      Hi, I have some problems with a site-to-site VPN between a pfSense and a FortiGate.

      The vpn works fine and the tunnel is up and running.

      My local network is 10.12.32.0/24 and the FortiGate LAN is 10.12.26.0/24.

      I created some rules in Firewall / Rules / IPsec:

      Protocol      Source         Port  Destination    Port  Gateway  Queue  Schedule  Description
      IPv4 TCP      10.12.26.21    *     10.12.32.84    *     *        none             Easy Rule: Passed from Firewall Log View
      IPv4 *        *              *     *              *     *        none
      IPv4 TCP/UDP  10.12.26.0/24  *     10.12.32.0/24  *     *        none
      IPv4 ICMP     any            *     *              *     *        none

      I can ping from the 10.12.32.0 local site to the 10.12.26 remote site fine, but I can't establish any TCP/UDP connection.
      In the system logs it appears that the TCP packets are blocked from the remote site 10.12.26.* to the local site 10.12.32.*:

      Apr 10 19:12:39 IPsec Default deny rule IPv4 (1000000103)   10.12.26.21   10.12.32.84 TCP:
      Apr 10 19:12:43 IPsec Default deny rule IPv4 (1000000103)   10.12.26.21:389   10.12.32.84:52071 TCP:A

      It appears to be blocked by the default rule.

      Anyone have an idea?

        leandro.valim

        My version is the latest one, 2.4.3.

          georgeman

          I don't think the logs you posted are relevant to your issue; they seem to be discarded packets for expired connections or something else.

          What side are you attempting to connect to and from? I didn't get that clear. The rules on your pfSense local side look fine. If you are trying to connect from the local side to the remote and it fails, it may be a misconfig on the Fortinet side.

          If it ain't broke, you haven't tampered enough with it

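As an added example (not from either poster), a small Python triage of the two default-deny log lines and the four IPsec-tab rules quoted in the first post, following georgeman's reading: it checks whether any pass rule covers each logged packet and, for TCP, whether the logged flags include a SYN. The log-line regex, the rule tuples and the category strings are assumptions of this example that match only the layout shown in the thread.

```python
import ipaddress
import re

# Constructed copies of the two filter-log lines and the four IPsec-tab rules
# quoted in the first post (values as posted; only the layout is assumed here).
LOG_LINES = [
    "Apr 10 19:12:39 IPsec Default deny rule IPv4 (1000000103) 10.12.26.21 10.12.32.84 TCP:",
    "Apr 10 19:12:43 IPsec Default deny rule IPv4 (1000000103) 10.12.26.21:389 10.12.32.84:52071 TCP:A",
]
RULES = [  # (protocol, source, destination); "*" means any, as in the rule table
    ("TCP", "10.12.26.21", "10.12.32.84"),
    ("*", "*", "*"),
    ("TCP/UDP", "10.12.26.0/24", "10.12.32.0/24"),
    ("ICMP", "*", "*"),
]
LOG_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ [\d:]+) (?P<iface>\S+) (?P<rule>.+?) \((?P<rid>\d+)\) +"
    r"(?P<src>[\d.]+)(?::(?P<sport>\d+))? +(?P<dst>[\d.]+)(?::(?P<dport>\d+))? +"
    r"(?P<proto>[A-Z]+):(?P<flags>[A-Z]*)$"
)

def parse_log(line):
    """Split one pfSense filter-log line into its fields (ports and flags may be absent)."""
    m = LOG_RE.match(line)
    if not m:
        raise ValueError(f"unrecognised log line: {line!r}")
    return m.groupdict()

def rule_covers(rule, entry):
    # True if the rule's protocol, source and destination all cover the logged packet.
    proto, src, dst = rule
    if proto != "*" and entry["proto"] not in proto.split("/"):
        return False
    for pattern, addr in ((src, entry["src"]), (dst, entry["dst"])):
        if pattern in ("*", "any"):
            continue
        if ipaddress.ip_address(addr) not in ipaddress.ip_network(pattern, strict=False):
            return False
    return True

def triage(line):
    """Classify a default-deny entry. pf matches existing states before rules, and
    pass rules create TCP state only on the handshake (flags S/SA by default), so an
    ACK-only packet with no state falls to the default deny even when a rule covers it."""
    e = parse_log(line)
    rule = next((i for i, r in enumerate(RULES, 1) if rule_covers(r, e)), None)
    if rule is None:
        return "rule gap"
    if e["proto"] == "TCP" and e["flags"] == "":
        return f"flags not logged (covered by rule {rule})"
    if e["proto"] == "TCP" and "S" not in e["flags"]:
        return f"out-of-state (covered by rule {rule})"
    return f"covered by rule {rule}"
```

Running `triage` over both posted lines reports that rule 1 already covers the 10.12.26.21 to 10.12.32.84 traffic, so the ACK-only entry points at a missing state rather than a missing rule.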
          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.