Netgate Discussion Forum

    VPN IPSEC not Working even tho Phase 1 and Phase 2 are established

    • RaulChiarella

      Hello...

      I just configured an IPSEC VPN with Phase 1 and Phase 2, working.
      The Local Subnet on Phase 2 is a Virtual IP that is pointed to an internal IP of mine (which is working if I try to access it using the Local Network, not the IPSEC), and the remote subnet is a local IP address of the remote side.

      But even though Phase 2 is established, it is not working.
      Please, can someone help me?

      Below some images showing the configuration:

      1. Phase 2 Configuration

      efdb330b-6235-4dac-bdf1-017dc923d4b1-image.png

      2. Ping from the Remote Subnet to Local Subnet (Not Working)

      065e71b9-2e4a-445d-9804-b8520458505f-image.png

      What could I do to understand this better?
      Is there something else I need to do in pfSense to make this work?

      • stephenw10 Netgate Administrator

        Those subnets look like single IP addresses and not the IP you are trying to ping.

        What IP are you trying to ping from?

        What is the P2 config there?

        Steve

        • RaulChiarella @stephenw10

          @stephenw10 said in VPN IPSEC not Working even tho Phase 1 and Phase 2 are established:

          Those subnets look like single IP addresses and not the IP you are trying to ping.

          What IP are you trying to ping from?

          What is the P2 config there?

          Steve

          Hi. The weirdest thing is that I can ping from inside pfSense 192.168.1.248, but from the Remote Subnet comm isn't working. Just from pfSense...

          The image is: Remote Subnet doing a ping on Local Subnet (Phase 2!)
          Ping from Local Subnet to Remote Subnet works, but the opposite doesn't.

          I'm trying to ping from 192.168.1.248 (Remote Subnet) to 172.16.250.10 (the image was 172.16.200.10 but it was a typo; below is an image with the same result on the correct IP)

          2fec5565-1682-4f63-a894-d770994d5f0d-image.png

          • stephenw10 Netgate Administrator

            But what is the source IP address there where the ping is failing?

            What subnets are defined in the IPSec P2 config?

            • RaulChiarella @stephenw10

              @stephenw10 said in VPN IPSEC not Working even tho Phase 1 and Phase 2 are established:

              But what is the source IP address there where the ping is failing?

              What subnets are defined in the IPSec P2 config?

              Phase 2 is only:

              Remote Subnet: 192.168.1.248
              Local Subnet: 172.16.250.10
              

              Ping from Local > Remote = OK.
              Ping from Remote > Local = Fail.

              • stephenw10 Netgate Administrator @RaulChiarella

                @raulchiarella said in VPN IPSEC not Working even tho Phase 1 and Phase 2 are established:

                But what is the source IP address there where the ping is failing?

                • stephenw10 Netgate Administrator

                  It looks like it isn't 192.168.1.248 because pfSense has that IP. So it doesn't match the traffic and the ping fails.

                  1 Reply Last reply Reply Quote 0
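The selector mismatch described in the last reply, as an added example that is not part of the thread and is not pfSense or strongSwan code: it models the Phase 2 entry posted above as two /32 traffic selectors and checks which packets it covers. The host address 192.168.1.50 is a constructed stand-in for whatever machine behind the remote firewall actually sent the failing ping, and the class and function names are hypothetical.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Phase2:
    """One IPsec Phase 2 entry, seen from the local firewall."""
    local: ipaddress.IPv4Network
    remote: ipaddress.IPv4Network

    def matches(self, src: str, dst: str) -> Optional[str]:
        """Return the direction in which the entry covers src -> dst, else None."""
        s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
        if s in self.local and d in self.remote:
            return "local->remote"
        if s in self.remote and d in self.local:
            return "remote->local"
        return None  # no selector match: the packet is not sent into the tunnel


def covering_selector(addrs):
    """Smallest single network that contains every address in addrs."""
    nets = [ipaddress.ip_network(a) for a in addrs]
    net = nets[0]
    while not all(n.subnet_of(net) for n in nets):
        net = net.supernet()  # widen by one prefix bit at a time
    return net


# Phase 2 values as posted in the thread; a bare address is a /32 selector.
P2 = Phase2(local=ipaddress.ip_network("172.16.250.10"),
            remote=ipaddress.ip_network("192.168.1.248"))

# Constructed source address of a host behind the remote firewall.
REMOTE_HOST = "192.168.1.50"

if __name__ == "__main__":
    for src, dst in [("172.16.250.10", "192.168.1.248"),
                     ("192.168.1.248", "172.16.250.10"),
                     (REMOTE_HOST, "172.16.250.10")]:
        print(f"{src:>15} -> {dst:<15} {P2.matches(src, dst) or 'NOT COVERED'}")
    # A remote selector that would cover both the firewall and the host.
    print("covering remote selector:",
          covering_selector(["192.168.1.248", REMOTE_HOST]))
```

Any wider selector has to be configured on both peers, and it tunnels every address inside it, so the narrowest network that contains the real sources is the one to use.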
                  Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.