Site-to-Site IPSec Tunnel With One Dynamic IP
-
Hello,
I have two Netgates (SG-2200 (static) and SG-1100 (dynamic)) that I would like to connect via a site-to-site VPN connection. I tried to follow the instructions given in another thread but a) one end was a Lancom router; and b) the instructions didn't seem to fit my Netgate (different pfSense version? I'm running 23.01). Are there any instructions available for this situation?
Thanks
-
@bert-0 Well, I sort of have it running. The P1 tunnel shows established at both ends and the P2 shows installed at both ends. Unfortunately, no traffic flows through the tunnel. Pings of remote hosts fail (request timed out) and tracert to a remote host shows a single hop to the local firewall and nothing after that.
I have both ends configured in accordance with the instructions I can find. Is there something else I need to do?
-
@bert-0 said in Site-to-Site IPSec Tunnel With One Dynamic IP:
Is there something else I need to do?
There might be nobody able to tell you this without knowing what you did yet.
Whatever, consider that network devices block access from remote sites by default. You have to configure their firewall properly before being able to access them.
-
@viragomann True, but I just set up a basic Netgate to Netgate IPSEC VPN. Both ends report that they see each other and that the tunnel is successfully established. Yet, no traffic can go through the tunnel. If I couldn't make the connection (which was my original problem), then your comment would make sense in my case.
My suspicion at this point is that one of my ISPs is blocking the IPSEC traffic but I'm not sure how to prove that. Or, if true, why the tunnel would successfully complete in the first place.
-
@bert-0
As you wrote above, the IPSec status shows that the connection is established. So it might not be blocked at all.
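Editor's note on the two posts above (the one suspecting an ISP block, and the reply that an established SA argues against it): both can be true at once, because IKE runs over UDP 500/4500 while the data path is ESP, IP protocol 50. A middlebox that passes UDP but drops protocol 50 lets Phase 1 and Phase 2 complete and still lets no packet through the tunnel. The quickest way to tell that case apart from a firewall-rule problem is the per-CHILD_SA byte counters. The script below is an added example, not code from any poster or from Netgate; it parses the format of strongSwan's `ipsec statusall` output (the sample block is constructed, with made-up SPIs and addresses) and classifies each installed CHILD_SA. That the `ipsec` command and this exact layout are available on a 23.01 Netgate shell is an assumption to confirm locally before relying on the parser.

```shell
#!/bin/sh
# Classify installed IPsec CHILD_SAs by their byte counters.
# Usage on a real box (assumed command): ipsec statusall | classify_child_sas
# Output per CHILD_SA: <conn> <encap> <bytes_in> <bytes_out> <verdict>

# Constructed sample in strongSwan statusall layout (not real output):
# con1 runs ESP inside UDP (NAT-T) and is sending but never receiving;
# con2 runs raw ESP (protocol 50) and carries traffic both ways.
SAMPLE_STATUS=$(cat <<'EOF'
Security Associations (2 up, 0 connecting):
     con1[3]: ESTABLISHED 12 minutes ago, 203.0.113.10[203.0.113.10]...198.51.100.20[198.51.100.20]
     con1[3]: IKEv2 SPIs: 1a2b3c4d5e6f7a8b_i 8b7a6f5e4d3c2b1a_r*, rekeying in 7 hours
     con1{2}:  INSTALLED, TUNNEL, reqid 2, ESP in UDP SPIs: c0a81c01_i c0a81c02_o
     con1{2}:  AES_CBC_256/HMAC_SHA2_256_128, 0 bytes_i, 3628 bytes_o (42 pkts, 3s ago), rekeying in 44 minutes
     con1{2}:   10.0.1.0/24 === 10.0.2.0/24
     con2{4}:  INSTALLED, TUNNEL, reqid 4, ESP SPIs: cafe0001_i cafe0002_o
     con2{4}:  AES_GCM_16_256, 1192 bytes_i (9 pkts, 1s ago), 1344 bytes_o (12 pkts, 1s ago), rekeying in 40 minutes
     con2{4}:   10.0.1.0/24 === 10.0.3.0/24
EOF
)

classify_child_sas() {
  awk '
    # First line of a CHILD_SA block: "con1{2}:  INSTALLED, TUNNEL, ..., ESP [in UDP] SPIs: ..."
    / INSTALLED, / && /SPIs:/ {
      key = $1                                   # "con1{2}:" identifies this CHILD_SA
      n = key; sub(/\{.*/, "", n); name[key] = n # strip "{2}:" to get the connection name
      encap[key] = ($0 ~ /ESP in UDP SPIs/) ? "udp-encap" : "raw-esp"
      next
    }
    # Second line carries the counters: "... 0 bytes_i, 3628 bytes_o (42 pkts, 3s ago), ..."
    ($1 in encap) && /bytes_i/ {
      bi = 0; bo = 0
      for (i = 2; i <= NF; i++) {
        if ($i ~ /^bytes_i/) bi = $(i-1) + 0
        if ($i ~ /^bytes_o/) bo = $(i-1) + 0
      }
      if (bi == 0 && bo == 0)      v = "no-traffic"
      else if (bo > 0 && bi == 0)  v = "tx-only"
      else if (bi > 0 && bo == 0)  v = "rx-only"
      else                         v = "two-way"
      print name[$1], encap[$1], bi, bo, v
      delete encap[$1]; delete name[$1]
    }
  '
}

# Map a verdict to the next thing to check.
explain_verdict() {
  case "$1" in
    no-traffic) echo "nothing enters the tunnel: check the Phase 2 local/remote networks and that the test host sits in the local subnet" ;;
    tx-only)    echo "ESP leaves but nothing comes back: check the remote side's IPsec-tab rules, or whether protocol 50 is dropped on the path (raw-esp only; udp-encap already rides UDP 4500)" ;;
    rx-only)    echo "ESP arrives but replies never leave: check local IPsec-tab rules, routes and Phase 2 selectors" ;;
    two-way)    echo "tunnel carries traffic both ways: the block is at a host firewall or an IPsec-tab rule, not the ISP" ;;
    *)          echo "unknown verdict: $1"; return 1 ;;
  esac
}

# Run the classifier over the constructed sample.
printf '%s\n' "$SAMPLE_STATUS" | classify_child_sas | while read -r conn encap bi bo verdict; do
  printf '%s (%s, %s B in / %s B out): %s\n' "$conn" "$encap" "$bi" "$bo" "$verdict"
  echo "  -> $(explain_verdict "$verdict")"
done
```

Reading the result: a `tx-only` verdict on a `raw-esp` SA is the signature of the "established but dead" tunnel described in the thread, since the initiator's ESP is leaving and nothing ever returns. Forcing NAT-T on both Phase 1 entries wraps ESP in UDP 4500 and is the usual way to get past a path that drops protocol 50; a `two-way` verdict instead points at rules on the IPsec tab or at the hosts themselves, as the reply above suggests.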