IPSec VTI pfSense 2.4.4 to pfsense 2.4.4

bobkoure

I have tunnels up, but no data is being passed
I used
local network: [network] 172.16.85.1/30
remote network [address] 172.16.85.2

I used the same on both sides. Is that correct, or should I make one address .1 and the other .2

Both have interfaces (interfaces/assignments/add)
Both have static routes, each using the assigned interface gateway.

As I mentioned, Status/IPsec on both pfSense boxes indicates that the tunnels are 'established'. but when I try to ping from one side to the other, I get no reponse.

I have an IPsec firewall rule that passes all IPV4 protocols.
The doc mentions that firewall rule processing can be confusing.
Do I need to create another IPsec firewall rule?

Is there a step-by-step how-to on setting up VTI IPsec connections between a pair of pfSense boxes?

Thanks!

Rico

https://www.youtube.com/watch?v=AKMZ9rNQx7Y

-Rico

maykel535

I have a similar problem. The tunnel VTI established ok and it works. From interface vti ipsec, I can ping to remote host. But the problem is from my interface LAN, I cannot ping from interface LAN to the remote host via ipsec VTI.

I add rules to permit traffic from LAN to remote host ipsec vti with gateway vti, nat Outbound from LAN to remote host ipsec vti interface and cannot ping, telnet from my LAN. What is missing? I followed the documentation step by step and not working...

maykel535

Attach screenshots.

Can I help me please? I don't understanding ...

Derelict

Does the other side have a route back to 10.1.100.100?

You show an outbound NAT entry for 192.168.0.0/16 but that will not cover 10.1.100.100.

maykel535

Hi, thanks for your response.

Where do I have to put the route back to 10.1.100.100 on the fw2?

Derelict

Just like you did for the route to 10.94.37.95/32 except on the other side of the tunnel and for 10.1.100.100.