Ping remote connection from LAN
-
I have a working IPsec tunnel on pfSense Plus. Remote IP is 10.3.3.1. Local LAN IP is 192.168.100.2.
What rules do I need to make a connection from the local IP to the connected IPsec tunnel IP?
Specifically, I want 192.168.100.2 to be able to ping 10.3.3.1. Then I can make use of other protocols. These are the rules I currently have set up.
-
@dalicollins
Is this even possible to do? ...Anyone?
-
@dalicollins It is absolutely possible to ping to the other side of your tunnel.
You need a rule on your IPsec tab to allow traffic to go down your tunnel, do you have that?
-
@geyser
Thanks for the response. The IPsec rules I show above are the only ones I set up. The second one I was hoping was the one I needed to ping the remote IP. I tried swapping the source with the destination, also tried using 10.3.3.1. How should this be set up?
-
@dalicollins I think your rule is associated to the wrong interface.
Currently the rule says you can ping from LAN net to 10.3.3.0/24, but the source should be IPsec, I believe.
Click the IPsec tab (top of your photo) and see what rules you have there. If you have none, then you are not allowing any of your traffic out.
-
@geyser
In the IPsec rules, I did try source as 10.3.3.1 and then tried 10.3.3.0/24, left the rest as any and I still cannot ping from 192.168.100.26 to 10.3.3.1. But I can ping the other direction using the first IPsec rule above.
-
@dalicollins
I am just trying to ping both ways. I can ping from the Windows client to the pfSense box, but not from the LAN on the pfSense box to the client. The client is on its own dynamic IP network with a small router. The router has IPsec passthrough enabled.
I added the following IPsec rule and Phase 2 Tunnel