How to let a pfSense IPsec "Routed (VTI)" interface respond to ping?
-
Hi all,
I have a Fortigate and am building a VPN to it.
The VPN is already up and operating well between the LAN subnets of the two sites.
I have a tunnel interface IP address on the Fortigate of 169.254.0.1/32, while the remote tunnel interface is configured as 169.254.0.2/32, with a static route as well.
On the pfSense side I do the same in reverse, and I confirm I am using 169.254.0.2 as the source IP and am able to ping the Fortigate side, 169.254.0.1.
However, I can ping 169.254.0.2 from the Fortigate side.
I confirm from debug-level logging that the Fortigate is already using 169.254.0.1 as the source IP.
Could someone please advise how I can allow ping to the pfSense VTI interface?
-
You are using link-local APIPA addresses on that interface, which are blocked by default. There is an option to allow the traffic, but it is hidden on current releases. We have added a GUI option in 2.5.0 and 2.4.5 to control it.
You can set it in the config using Diag > Command, in the PHP Execute box:
$config['system']['no_apipa_block'] = true; // disable the default APIPA (169.254.0.0/16) block
write_config("Do not block APIPA");          // persist the change to config.xml
send_event("filter reload");                 // regenerate and reload the ruleset
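To make the behaviour above concrete, here is an added Python model (not pfSense code, and not part of the original thread) of the decision the answer describes: by default any traffic whose source or destination falls in the APIPA range 169.254.0.0/16 is dropped, and setting `no_apipa_block` lifts that. The function names, the sample address pairs and the "reason" strings are this example's own assumptions; the only facts taken from the thread are the 169.254.0.0/16 range, the default block, and the `no_apipa_block` flag. It also goes one step past the thread by showing that a tunnel addressed from a private range is never subject to this block, which is the alternative fix when you cannot change the pfSense setting.

```python
import ipaddress

# APIPA / IPv4 link-local range, the one pfSense blocks by default.
APIPA_NET = ipaddress.ip_network("169.254.0.0/16")


def is_apipa(addr: str) -> bool:
    """True if the address lies in 169.254.0.0/16."""
    return ipaddress.ip_address(addr) in APIPA_NET


def ping_allowed(src: str, dst: str, no_apipa_block: bool = False) -> bool:
    """Model of the default pfSense APIPA rule as described in the thread.

    no_apipa_block=False  -> drop if either endpoint is link-local (default)
    no_apipa_block=True   -> the APIPA block rule is not generated at all
    Other firewall rules are out of scope for this model (assumption).
    """
    if no_apipa_block:
        return True
    return not (is_apipa(src) or is_apipa(dst))


def diagnose(src: str, dst: str, no_apipa_block: bool = False) -> str:
    """Human-readable verdict for a ping from src to dst."""
    if ping_allowed(src, dst, no_apipa_block):
        return f"{src} -> {dst}: allowed"
    culprit = src if is_apipa(src) else dst
    return (f"{src} -> {dst}: blocked, {culprit} is in {APIPA_NET} "
            "and system.no_apipa_block is not set")


# Constructed sample: the thread's VTI addresses plus a private-range pair.
CASES = [
    ("169.254.0.1", "169.254.0.2", False),  # Fortigate -> pfSense, default config
    ("169.254.0.1", "169.254.0.2", True),   # same, after the PHP one-liner
    ("10.255.0.1", "10.255.0.2", False),    # VTI re-addressed from RFC 1918 space
    ("169.255.0.1", "10.0.0.1", False),     # just outside the APIPA range
]

if __name__ == "__main__":
    for src, dst, flag in CASES:
        print(f"[no_apipa_block={flag}] {diagnose(src, dst, flag)}")
```

Running the block prints one verdict per case; the first line reproduces the poster's symptom (blocked), the second shows the effect of the flag, and the third shows that a tunnel numbered from 10.255.0.0/30 would never have hit the rule in the first place.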
-
This works, thanks!