Clients in OPT1 network not reachable through tunnel
OM606 last edited by
I have two pfSense which are connected through an IPSec VPN.
On site-A everything works fine. This means if I send a ping from site-B to site-A, I can reach every client which is in the LAN of site-A through the IPSec tunnel.
But the clients which are on site-B in the OPT1 network cannot be reached through ping from any LAN client on site-A. However, the OPT1 interface IP can be reached through ping from LAN site-A.
Could it be a routing problem, so that SiteB does not know on which interface to send out packets for the network OPT1?
Firewall is open (any-any-any) on all involved interfaces.
Strangely, when I configured the VPN with OpenVPN instead of IPSec (which I did first), I had exactly the same problem.
How can I analyze this problem?
Regards and thanks,
Konstanti last edited by Konstanti
First of all, I would check the rules on the LAN interface of Site A.
Are there any floating rules on the pfSense at SiteA?
I would check like this:
Start a ping 192.168.30.0/24 --> 10.10.10.0/24 (not the OPT1 IP of Site B).
1. Site A (Diagnostics / Packet Capture)
Address Family: IPv4
Host: IP address of the second side of the tunnel
Show me what happens at this moment.
Ideally, you should see the IP packet exchange with the other side of the tunnel.
Right now I am interested in whether IP packets leave towards SiteB.
If you can ping the far side pfSense interface address but not the hosts behind it, it is almost always a firewall on the target host itself (think Windows firewall).
That or their default gateway is not the pfSense firewall. Since traffic works the other way, that pretty much rules that out.
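
An added example (not from any poster in this thread) of reading the Site A capture Konstanti asks for: it counts ESP packets in each direction relative to the tunnel peer to show whether traffic leaves towards Site B and whether anything comes back. It assumes tcpdump-style text output and IPsec without NAT-T; the addresses are constructed documentation values, and the function names and verdict labels are hypothetical.

```python
import re

# Matches tcpdump-style ESP lines (assumed capture output format, no NAT-T), e.g.
# 12:00:02.100000 IP 203.0.113.10 > 198.51.100.20: ESP(spi=0x0c1a2b3c,seq=0x10), length 132
ESP_LINE = re.compile(
    r"IP (?P<src>\d+(?:\.\d+){3}) > (?P<dst>\d+(?:\.\d+){3}): ESP\(spi=0x[0-9a-f]+"
)

def esp_directions(capture_text, peer_ip):
    """Count ESP packets sent to and received from the tunnel peer."""
    counts = {"to_peer": 0, "from_peer": 0}
    for line in capture_text.splitlines():
        m = ESP_LINE.search(line)
        if m is None:
            continue  # IKE, ARP and other non-ESP lines are skipped
        if m["dst"] == peer_ip:
            counts["to_peer"] += 1
        elif m["src"] == peer_ip:
            counts["from_peer"] += 1
    return counts

def verdict(counts):
    """Map the counts to the next place to look (labels are hypothetical)."""
    if counts["to_peer"] == 0:
        return "not_leaving"  # ping never enters the tunnel: check Site A rules
    if counts["from_peer"] == 0:
        return "no_reply"     # sent, nothing returns: Site B or the target host
    return "both_ways"        # tunnel carries traffic in both directions

# Constructed sample capture; addresses are documentation ranges, not from the thread.
PEER = "198.51.100.20"
SAMPLE = """\
12:00:01.100000 IP 203.0.113.10.500 > 198.51.100.20.500: isakmp: child_sa inf2
12:00:02.100000 IP 203.0.113.10 > 198.51.100.20: ESP(spi=0x0c1a2b3c,seq=0x10), length 132
12:00:03.100000 IP 203.0.113.10 > 198.51.100.20: ESP(spi=0x0c1a2b3c,seq=0x11), length 132
"""

if __name__ == "__main__":
    c = esp_directions(SAMPLE, PEER)
    print(c, verdict(c))
```

ESP payloads are encrypted, so the counts cannot be tied to one inner flow; take the capture while the test ping is the only traffic crossing the tunnel.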