Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    How to let PFsense IPsec "Route Vti" interface response to PING?

    Scheduled Pinned Locked Moved IPsec
    3 Posts 2 Posters 928 Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • bluegrass-168B
      bluegrass-168
      last edited by

      Hi all,

      I just have a Fortigate and building VPN between it.

      The VPN is already up and operating well between two sites Lan subnets.

      And I have a tunnel interface ip address on Fortigate as 169.254.0.1/32 while the remote tunnel interface is configured as 169.254.0.2/32 with static route also.

      In the Pfsense side, I do the same reversed and confirm I am using 169.254.0.2 as source ip and able to ping the Fortigate side 169.254.0.1.

      However, I can ping the 169.254.0.2 from Fortigate side.

      I do confirm Fortigate is using 169.254.0.1 as src ip already from Debug level logging.

      Please, someone advises how can I allow ping to the PFsense Vti interface.

      1 Reply Last reply Reply Quote 0
      • jimpJ
        jimp Rebel Alliance Developer Netgate
        last edited by

        You are using link-local APIPA addresses on that interface which are blocked by default. There is an option to allow the traffic, but it is hidden on current releases. We have added a GUI option on 2.5.0 and 2.4.5 to control it.

        You can set it in the config using Diag > Command, in the PHP Execute box:

        $config['system']['no_apipa_block'] = true;
        write_config("Do not block APIPA");
        send_event("filter reload");
        

        Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

        Need help fast? Netgate Global Support!

        Do not Chat/PM for help!

        bluegrass-168B 1 Reply Last reply Reply Quote 4
        • bluegrass-168B
          bluegrass-168 @jimp
          last edited by

          @jimp

          This works, thanks!

          alt text

          1 Reply Last reply Reply Quote 0
          • First post
            Last post
          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.