Netgate Discussion Forum

    Traffic will not route through site-to-site VPN

    IPsec
    ctrl1122

      When we establish a successful VPN connection, no traffic will flow through it. I have tried setting an outbound NAT rule, adding a pass-any rule on the IPsec firewall tab, setting a static route, and setting up test VPNs, which have consistently reproduced the issue. I followed this guide https://docs.netgate.com/pfsense/en/latest/recipes/ipsec-s2s-route-internet-traffic.html and traffic started flowing the way I wanted it; however, this is only a proof of concept and not a solution, as I only control one end of the tunnel. So I know it is in fact possible, I know others have run into the same issue, and I've yet to find a solution that resolves my issue. Please let me know what more information you need from me.

      mamawe @ctrl1122

        @ctrl1122

        • Did you point the admin of the peer VPN gateway to the guide that you used for the proof of concept?
        • What other changes are necessary to turn the proof of concept into the production VPN?

        Kind regards,
        Mathias

        ctrl1122 @mamawe

          @mamawe
          Unfortunately that isn't an option; we have 10 connections that are experiencing this issue and can't ask all of them to make the changes required on their end. And not only that, I can't recreate the connection explained in the guide for some odd reason. I now get an error when setting up the phase 2 tunnel for site A: "The local and remote networks of a phase 2 entry cannot overlap the outside of the tunnel (interface and remote gateway) configured in phase 1."

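The error quoted above is a containment check: a phase 2 local or remote network may not contain the phase 1 interface address or the remote gateway, because traffic to the peer itself would then be pulled into the tunnel it is supposed to carry. The following is an added example (not pfSense code and not part of the thread) that applies that check with Python's standard `ipaddress` module, so the conflicting pair can be spotted before the GUI rejects the entry. All addresses are constructed from RFC 5737 documentation ranges; it also shows why a `0.0.0.0/0` phase 2 network, as used when routing all traffic through a site-to-site tunnel, necessarily trips the check on both outside addresses.

```python
"""Check an IPsec phase 2 entry for overlap with the "outside" of the tunnel.

Added example, not pfSense's own validation code. The rule it implements is the
one quoted in the thread: neither the phase 2 local nor remote network may
contain the phase 1 interface address or the phase 1 remote gateway.
All addresses used below are constructed (RFC 5737 documentation ranges).
"""

import ipaddress


def overlap_problems(p1_interface_ip, p1_remote_gateway, p2_local_net, p2_remote_net):
    """Return a list of human-readable conflicts; an empty list means the entry passes."""
    outside = {
        "phase 1 interface address": ipaddress.ip_address(p1_interface_ip),
        "phase 1 remote gateway": ipaddress.ip_address(p1_remote_gateway),
    }
    # strict=False accepts a network written with host bits set (e.g. 10.0.1.5/24).
    inside = {
        "phase 2 local network": ipaddress.ip_network(p2_local_net, strict=False),
        "phase 2 remote network": ipaddress.ip_network(p2_remote_net, strict=False),
    }
    problems = []
    for net_name, net in inside.items():
        for addr_name, addr in outside.items():
            # Only compare addresses and networks of the same IP version.
            if addr.version == net.version and addr in net:
                problems.append(f"{net_name} {net} contains the {addr_name} {addr}")
    return problems


def report(p1_interface_ip, p1_remote_gateway, p2_local_net, p2_remote_net):
    """Print a one-line verdict per entry, mirroring what an admin would check by hand."""
    problems = overlap_problems(p1_interface_ip, p1_remote_gateway, p2_local_net, p2_remote_net)
    if not problems:
        print(f"OK: {p2_local_net} <-> {p2_remote_net} does not overlap the tunnel outside")
    for p in problems:
        print("REJECT:", p)
    return problems


if __name__ == "__main__":
    # Constructed values: WAN 203.0.113.10, peer gateway 198.51.100.20.
    report("203.0.113.10", "198.51.100.20", "10.0.1.0/24", "10.0.2.0/24")   # passes
    report("203.0.113.10", "198.51.100.20", "10.0.1.0/24", "0.0.0.0/0")     # two conflicts
    report("203.0.113.10", "198.51.100.20", "203.0.113.0/24", "10.0.2.0/24")  # one conflict
```

The `0.0.0.0/0` case is the one that matters for the "route internet traffic" recipe: a default-route phase 2 contains every IPv4 address, including the WAN address and the peer, which is exactly the overlap the message describes.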
          mamawe @ctrl1122

            @ctrl1122
            I'm afraid I can't help you then.

            Did you examine the syslogs regarding the VPN? You can filter the messages so that even with 10 connections you can zoom in on the connection in question. Since pfSense only has space for a certain number of messages, it is a good idea to use a remote syslog server to get enough messages to analyze the problem.

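As an added illustration of the filtering suggested above (this is example code, not from the thread or from Netgate), the script below takes syslog lines in the shape strongSwan's charon daemon writes on pfSense and narrows them to a single peer. Filtering on the peer address alone is not enough, because the CHILD_SA lines that show whether phase 2 came up carry only the connection tag (`<name|id>`), so the script first learns the connection name from the IKE_SA lines that mention the peer, then collects everything tagged with that name and summarises how far the negotiation got. The log lines, addresses (RFC 5737 ranges) and connection names `con1`/`con2` are constructed; the same functions work unchanged on a file exported from a remote syslog server.

```python
"""Zoom in on one IPsec peer in a busy syslog and summarise its negotiation.

Added example, not from the thread or from Netgate. SAMPLE_LOG is constructed
in the shape strongSwan's charon writes to syslog; addresses are RFC 5737
documentation ranges and the connection names con1/con2 are placeholders.
"""

import re

# Constructed sample: two peers interleaved, as a multi-tunnel firewall would log them.
SAMPLE_LOG = """\
Jan 10 09:00:01 fw charon[1234]: 05[IKE] <con1|3> IKE_SA con1[3] established between 203.0.113.10[203.0.113.10]...198.51.100.20[198.51.100.20]
Jan 10 09:00:01 fw charon[1234]: 05[IKE] <con2|4> IKE_SA con2[4] established between 203.0.113.10[203.0.113.10]...192.0.2.30[192.0.2.30]
Jan 10 09:00:02 fw charon[1234]: 05[IKE] <con1|3> CHILD_SA con1{5} established with SPIs c1a2b3c4_i d5e6f7a8_o and TS 10.0.1.0/24 === 10.0.2.0/24
Jan 10 09:00:02 fw charon[1234]: 06[CFG] <con2|4> no matching CHILD_SA config found for 10.0.1.0/24 === 10.0.9.0/24
Jan 10 09:00:02 fw charon[1234]: 06[IKE] <con2|4> failed to establish CHILD_SA, keeping IKE_SA
Jan 10 09:00:03 fw charon[1234]: 06[IKE] <con1|3> sending DPD request
"""

# Classic BSD syslog layout: "Mon DD HH:MM:SS host program[pid]: message".
SYSLOG_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ [\d:]+) (?P<host>\S+) (?P<prog>[^\[:]+)(?:\[(?P<pid>\d+)\])?: (?P<msg>.*)$"
)
CON_TAG_RE = re.compile(r"<([^|>]+)\|\d+>")


def parse(line):
    """Split one syslog line into fields, or return None for lines in another format."""
    m = SYSLOG_RE.match(line)
    return m.groupdict() if m else None


def connections_for_peer(log_text, peer_ip):
    """Connection names whose IKE_SA lines mention peer_ip as a whole address."""
    # Lookarounds stop 192.0.2.3 from matching inside 192.0.2.30.
    ip_re = re.compile(rf"(?<![\d.]){re.escape(peer_ip)}(?![\d.])")
    names = set()
    for line in log_text.splitlines():
        rec = parse(line)
        if rec and rec["prog"] == "charon" and "IKE_SA" in rec["msg"] and ip_re.search(rec["msg"]):
            tag = CON_TAG_RE.search(rec["msg"])
            if tag:
                names.add(tag.group(1))
    return names


def lines_for_connection(log_text, con_name):
    """All charon records tagged with <con_name|...>, including CHILD_SA and CFG messages."""
    tag = f"<{con_name}|"
    return [rec for rec in map(parse, log_text.splitlines())
            if rec and rec["prog"] == "charon" and tag in rec["msg"]]


def summarise(records):
    """Reduce a connection's records to: IKE up? phase 2 up? which errors were logged?"""
    state = {"ike_established": False, "child_established": False, "errors": []}
    for rec in records:
        msg = rec["msg"]
        if "IKE_SA" in msg and "established" in msg:
            state["ike_established"] = True
        elif "CHILD_SA" in msg and "established" in msg:
            state["child_established"] = True
        elif ("no matching CHILD_SA" in msg or "failed to establish CHILD_SA" in msg
              or "TS_UNACCEPTABLE" in msg):
            state["errors"].append(msg)
    return state


def summarise_peer(log_text, peer_ip):
    """Convenience wrapper: one summary per connection name found for the peer."""
    return {name: summarise(lines_for_connection(log_text, name))
            for name in sorted(connections_for_peer(log_text, peer_ip))}


if __name__ == "__main__":
    for peer in ("198.51.100.20", "192.0.2.30"):
        for name, state in summarise_peer(SAMPLE_LOG, peer).items():
            print(f"{peer} ({name}): IKE up={state['ike_established']} "
                  f"phase2 up={state['child_established']} errors={len(state['errors'])}")
            for err in state["errors"]:
                print("   ", err)
```

The distinction the summary draws is the useful one for a tunnel that "connects but carries no traffic": an IKE_SA that is established while the CHILD_SA never is (or is rejected for a traffic-selector mismatch) points at the phase 2 definitions on the two ends rather than at firewall rules or NAT.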
            ctrl1122 @mamawe

              @mamawe
              Yeah, the logs haven't been super helpful; without any traffic flowing there's really not much to look at. These 10 connections on the pfSense machine aren't currently active; we had to switch back to our old VPN server after we tried and failed to get traffic moving out of the tunnel.

              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.