Netgate Discussion Forum

    VPN appears to connect but no traffic

    Category: IPsec
    7 Posts, 3 Posters, 1.1k Views
    • kens

      Fairly new to pfSense. I'm attempting to make an IPsec connection to a Fortigate router that is managed by a 3rd party.

      The pfSense system is behind NAT (ESP protocol is configured) on a VM with its LAN on 10.3.0.0/24.

      The remote Fortigate's LAN is 10.0.0.0/24.

      The P1 and P2 connections appear to show connection established. However I don't see a route to 10.0.0.0/24 in the routing table of the pfSense system despite having that destination LAN declared in the P2 settings. If I try a traceroute to 10.0.0.60 (a machine I know is there) the traffic appears to go out over the WAN interface rather than being directed over the VPN.

      I saw a similar post to this one where the fix was sorting out the P2 settings. But I don't think that's the issue here.

      Any suggestions for how I go about diagnosing this?

      Many thanks

      Ken

      • kens @kens (last edited by kens)

        @kens I should say the pfSense system is 2.5.2

        I can change the pfSense system to be on a public IP if that would help

        • cswroe

          Is this the first IPsec connection on this firewall? If so, do you have rules in place under IPsec to allow traffic over IPsec?

          If it is going out over the WAN, I would still be inclined to check the P1 and P2 settings. If the P2 is established correctly, pfSense should route it automatically.

          Are you using the 10.0.0.0/24 elsewhere in the system?

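A check that complements the advice above, added here as an example and not part of any post in this thread: pfSense's policy-based IPsec (tunnel mode, as in the original question) does not add a route for the remote subnet, so `netstat -rn` and `traceroute` will show the WAN even when the tunnel works; what decides whether a flow is encrypted is the kernel security policy database, which `setkey -DP` prints. The script below parses that dump (format assumed to follow FreeBSD's `setkey`; the sample is constructed for the thread's two subnets with documentation addresses as tunnel endpoints, and `check_spd.py` is a hypothetical file name) and reports whether a given source/destination pair is covered by an outbound policy.

```python
import ipaddress
import re
import sys

# Constructed sample of a FreeBSD `setkey -DP` SPD dump for the two-subnet
# tunnel in this thread (10.3.0.0/24 behind pfSense, 10.0.0.0/24 behind the
# Fortigate). Tunnel endpoints are documentation addresses, not real ones.
SAMPLE_SPD = """\
10.3.0.0/24[any] 10.0.0.0/24[any] any
\tout ipsec
\tesp/tunnel/203.0.113.10-198.51.100.20/unique:1
\tspid=1 seq=1 pid=4242
10.0.0.0/24[any] 10.3.0.0/24[any] any
\tin ipsec
\tesp/tunnel/198.51.100.20-203.0.113.10/unique:1
\tspid=2 seq=0 pid=4242
"""

# Selector line that opens each policy: "<src>[port] <dst>[port] <proto>"
POLICY_RE = re.compile(r"^(\S+?)\[\S+\] (\S+?)\[\S+\] (\S+)$")

def parse_spd(text):
    """Return (src_net, dst_net, direction, action) for every SPD entry."""
    policies, selectors = [], None
    for line in text.splitlines():
        m = POLICY_RE.match(line)
        if m:  # selector line starts a new policy
            selectors = (ipaddress.ip_network(m.group(1), strict=False),
                         ipaddress.ip_network(m.group(2), strict=False))
            continue
        parts = line.split()
        if selectors and len(parts) == 2 and parts[0] in ("in", "out", "fwd"):
            policies.append((selectors[0], selectors[1], parts[0], parts[1]))
            selectors = None
    return policies

def matching_policy(policies, src, dst, direction="out"):
    """First policy in `direction` whose selectors cover src -> dst, else None."""
    src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for src_net, dst_net, pdir, action in policies:
        if pdir == direction and src_ip in src_net and dst_ip in dst_net:
            return (str(src_net), str(dst_net), action)
    return None

if __name__ == "__main__":
    # On pfSense: setkey -DP | python3 check_spd.py 10.3.0.5 10.0.0.60
    src, dst = sys.argv[1:3] if len(sys.argv) == 3 else ("10.3.0.5", "10.0.0.60")
    text = sys.stdin.read() if not sys.stdin.isatty() else SAMPLE_SPD
    hit = matching_policy(parse_spd(text), src, dst)
    print("covered by SPD:", hit if hit else "NONE (traffic follows the routing table)")
```

If a Phase 2 pair you configured is missing from the dump, the child SA for that selector was not installed, which is where to look before touching the routing table.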
          • alejjime @kens

            @kens When the connection attempt is made, can you see the traffic using the pfTop tool in pfSense?

            • kens

              Thank you for all the responses. It turned out to be firewall policies at the 3rd party Fortigate that needed attention.

              In case anyone reads this in future: this configuration has several Phase 2 entries for different subnets. To make it work, the setting "Split Connections" needed to be enabled in the Phase 1 configuration.

              • alejjime @kens

                @kens said in VPN appears to connect but no traffic:

                Split Connections

                Do you refer to "Split Connections" in the 3rd party firewall or in your pfSense? I have searched the setup of Phase 1 in my pfSense 2.5.2 fw, but I have not found this parameter.

                • kens @alejjime

                  @alejjime It's on the pfSense, toward the bottom of the Phase 1 page. :-)

                  [Screenshot: Screenshot from 2021-12-14 22-58-57.png]

                  Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.