IPSec VTI pfSense 2.4.4 to pfsense 2.4.4

  • I have tunnels up, but no data is being passed
    I used
    local network: [network]
    remote network [address]

    I used the same on both sides. Is that correct, or should I make one address .1 and the other .2

    Both have interfaces (interfaces/assignments/add)
    Both have static routes, each using the assigned interface gateway.

    As I mentioned, Status/IPsec on both pfSense boxes indicates that the tunnels are 'established'. but when I try to ping from one side to the other, I get no reponse.

    I have an IPsec firewall rule that passes all IPV4 protocols.
    The doc mentions that firewall rule processing can be confusing.
    Do I need to create another IPsec firewall rule?

    Is there a step-by-step how-to on setting up VTI IPsec connections between a pair of pfSense boxes?


  • LAYER 8 Rebel Alliance

  • I have a similar problem. The tunnel VTI established ok and it works. From interface vti ipsec, I can ping to remote host. But the problem is from my interface LAN, I cannot ping from interface LAN to the remote host via ipsec VTI.

    I add rules to permit traffic from LAN to remote host ipsec vti with gateway vti, nat Outbound from LAN to remote host ipsec vti interface and cannot ping, telnet from my LAN. What is missing? I followed the documentation step by step and not working...

  • Attach screenshots.

    2019-07-10-170416_674x498_scrot.png 2019-07-10-170351_698x554_scrot.png 2019-07-10-170722_1155x189_scrot.png 2019-07-10-170657_1150x681_scrot.png 2019-07-10-170627_1153x266_scrot.png 2019-07-10-170611_1178x506_scrot.png 2019-07-10-170547_1193x839_scrot.png

    Can I help me please? I don't understanding ...

  • LAYER 8 Netgate

    Does the other side have a route back to

    You show an outbound NAT entry for but that will not cover

  • Hi, thanks for your response.

    Where do I have to put the route back to on the fw2?

  • LAYER 8 Netgate

    Just like you did for the route to except on the other side of the tunnel and for

Log in to reply