How to let pfSense IPsec "Route Vti" interface respond to PING?

  • Hi all,

    I just have a Fortigate and am building a VPN between it.

    The VPN is already up and operating well between the two sites' LAN subnets.

    And I have a tunnel interface ip address on Fortigate as while the remote tunnel interface is configured as with static route also.

    On the pfSense side, I do the same in reverse and confirm I am using as source IP and am able to ping the Fortigate side

    However, I can ping the from Fortigate side.

    I do confirm Fortigate is using as src ip already from Debug level logging.

    Please, can someone advise how I can allow ping to the pfSense VTI interface?

  • You are using link-local APIPA addresses on that interface which are blocked by default. There is an option to allow the traffic, but it is hidden on current releases. We have added a GUI option on 2.5.0 and 2.4.5 to control it.

    You can set it in the config using Diag > Command, in the PHP Execute box:

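    // Set the hidden flag that turns off the default APIPA block
    $config['system']['no_apipa_block'] = true;
    // Save the configuration with a change description
    write_config("Do not block APIPA");
    // Reload the firewall rules so the change takes effect
    send_event("filter reload");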
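
An added example, not part of the original posts: a Python check over a pfSense configuration backup that lists VTI tunnel addresses inside 169.254.0.0/16 and reports whether the default APIPA block still applies to them. The sample XML, its element layout, and the reading of `no_apipa_block` as a presence flag are assumptions made for illustration.

```python
import ipaddress
import xml.etree.ElementTree as ET

LINK_LOCAL = ipaddress.ip_network("169.254.0.0/16")  # RFC 3927 (APIPA) range

# Constructed sample, not taken from the thread. The element layout is an
# assumption modelled on a pfSense config.xml backup.
SAMPLE_CONFIG = """
<pfsense>
  <system><hostname>fw1</hostname></system>
  <ipsec>
    <phase2><mode>vti</mode><descr>to-fortigate</descr>
      <localid><type>network</type><address>169.254.10.1</address></localid>
      <remoteid><type>address</type><address>169.254.10.2</address></remoteid>
    </phase2>
    <phase2><mode>vti</mode><descr>to-branch</descr>
      <localid><type>network</type><address>10.255.0.1</address></localid>
      <remoteid><type>address</type><address>10.255.0.2</address></remoteid>
    </phase2>
    <phase2><mode>tunnel</mode><descr>lan-to-lan</descr>
      <localid><type>lan</type></localid>
      <remoteid><type>network</type><address>192.168.50.0</address></remoteid>
    </phase2>
  </ipsec>
</pfsense>
"""

def audit_vti(config_xml):
    """Return (apipa_block_active, findings) for the VTI phase 2 entries."""
    root = ET.fromstring(config_xml)
    # Assumption: the option is a presence flag under <system>.
    block_active = root.find("system/no_apipa_block") is None
    findings = []
    for p2 in root.iter("phase2"):
        if p2.findtext("mode") != "vti":
            continue  # only routed (VTI) tunnels carry interface addresses
        for side in ("localid", "remoteid"):
            try:
                ip = ipaddress.ip_address(p2.findtext(f"{side}/address") or "")
            except ValueError:
                continue  # missing or non-address value: nothing to classify
            if ip in LINK_LOCAL:
                findings.append((p2.findtext("descr"), side, str(ip)))
    return block_active, findings

if __name__ == "__main__":
    active, hits = audit_vti(SAMPLE_CONFIG)
    state = "dropped by the default APIPA block" if active else "allowed"
    for descr, side, ip in hits:
        print(f"{descr}: {side} {ip} is link-local, currently {state}")
```
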

  • @jimp

    This works, thanks!

