VPN IPSEC routing problem

gset777 · Jun 8, 2006, 7:00 PM

the case: NetA is 10.231.0.0/24 <pfsense>behind a router (192.168.0.0/24) <-> Dyn IP (86.xxx.xxx.220)
NetB is 190.1.1.0/24 <pfsense><-> public IP (83.xxx.xxx.19)

When i ping the lan Interface of NetB (190.1.1.245) from NetA (10.231.0.200), the tunnel is established but no ping !

The Log said this :
racoon: INFO: respond new phase 2 negotiation: 83.xxx.xxx.19[0]<=>86.201.1.220[0]
racoon: INFO: Update the generated policy : 10.231.0.0/24[0] 190.1.1.0/24[0] proto=any dir=in
racoon: INFO: IPsec-SA established: ESP/Tunnel 86.xxx.xxx.220[0]->83.xxx.xxx.19[0] spi=243024623(0xe7c42ef)
racoon: INFO: IPsec-SA established: ESP/Tunnel 83.xxx.xxx.19[0]->86.xxx.xxx.220[0] spi=124153723(0x7666f7b)
racoon: ERROR: such policy does not already exist: "10.231.0.0/24[0] 190.1.1.0/24[0] proto=any dir=in"
racoon: ERROR: such policy does not already exist: "190.1.1.0/24[0] 10.231.0.0/24[0] proto=any dir=out"

An Idea ? ???</pfsense></pfsense>

hoba · Jun 18, 2006, 10:57 AM

Make sure the router the pfSense is behind doesn't break things. You should have the pfSense directly at the WAN.