IPSEC tunnel to 0.0.0.0/0 problem
I have set up an IPSEC tunnel from a remote site with several VLANs using pfSense on VMware ESXi.
There is a tunnel from each vlan to 0.0.0.0/0 in order to forward all traffic to the central site.
The problem appears to be that when the tunnel is up, traffic to the VLAN interface on pfSense is being dropped/discarded, or is perhaps being pushed into the tunnel.
For instance, when the VPN is disconnected, I can ping the VLAN interface on the pfSense, but once the VPN comes up, I can no longer ping the VLAN interface.
It looks like candidate IPsec traffic is being grabbed as soon as it enters an interface, instead of that decision being made later on.
The firewall rule has logging turned on and logs that the traffic was allowed.
The odd thing is that DHCP works even when the IPSEC tunnel is up, but ping and the DNS resolver do not.
The VLAN can also reach anything on the other side of the tunnel without issue.
VLAN 1 (default) is not affected by this behavior, only the tagged VLANs.

Any way to troubleshoot exactly where the traffic is being dropped?