Static route after using IPSEC

Yazur

Hello,

I want to ping from LAN 1 to LAN 3.

But it's not working, that's what I did:

PFSENSE 1:

• Add IPSEC phase 2 "LAN 1 --> LAN 3"

PFSENSE 2:

• Add IPSEC phase 2 "LAN 3 --> LAN 1".
• Add static route "LAN 3 use gateway to join PFSENSE 3".

PFSENSE 3:

• Add static route "LAN 2 use gateway to join PFSENSE 2".
• Add static route "LAN 1 use gateway to join PFSENSE 2".

-------------------------------------------------------------------------------------------------------

-------------------------------------------------------------------------------------------------------

-------------------------------------------------------------------------------------------------------

-------------------------------------------------------------------------------------------------------

viragomann

Does PFSENSE 3 NAT on outgoing packets? This is the default behavior on WAN interface.

Yazur

@viragomann I don't understand what you mean at all.

Could you be more specific?

viragomann

@Yazur said in Static route after using IPSEC:

I don't understand what you mean at all.

As I wrote, by default pfSense does NAT on outgoing traffic to WAN, i.e. it translates the source address to the WAN address, which is desired when WAN has a public IP.
The outbound NAT settings are in Firewall > NAT > Outbound.

If you don't know how to check post a screenshot and tell the LAN3 network range.

Yazur

@viragomann

There is already outgoing NAT configured on the pfsense 3 as well as on all other pfsense.

Each pfsense is redundant with PFSYNC, CARP... So they all have a virtual IP address on each WAN. And thus a configured outgoing NAT.

Here are the outgoing NAT configurations:

Pfsense 1: "IP are private and virtual"

Pfsense 2: "IP are public and virtual"

Pfsense 3: "IP are public and virtual"

viragomann

When you ping LAN3 from LAN1 can you see the packets on pfSense 3 and do they have the correct IPs?
If yes, can you see them on the internal interface?