Netgate Discussion Forum

IPSec VTI routing issue

    schnee
    last edited by schnee Jul 26, 2023, 11:12 PM Jul 26, 2023, 11:11 PM

    Hello, I have a similar IPSec VTI issue like this one: https://forum.netgate.com/topic/180158/strange-vti-routing-issue

    Here is my setup:
    https://drive.google.com/file/d/1iqKKf-LXCtZ_4CU-Wiupn3pzb4wUIB2j/view?usp=sharing

    The routed (VTI) ipsec setup is based on https://docs.netgate.com/pfsense/en/latest/vpn/ipsec/routed-vti.html

    I have static routes on Site A and Site B pointing to each other, and access between the two sites works fine. The only thing which does not work: I cannot traceroute pfSense A from Site B and pfSense B from Site A (though I can ping them).

    Now from time to time some of the clients on Site B have to use the internet gateway on Site A. For this I have a firewall rule on pfSense B:

    Action: pass
    Interface: lan
    Address Family: IPv4
    Protocol: Any
    Source: Single host and IP address of the host
    Destination: Any
    Under advanced settings:
    Gateway: IPSEC interface (which is defined under System/Routing/Gateways)
    

    And here is the main issue: Most sites work as expected, however there are a few sites which I can reach from Site A and can also reach from Site B via the local WAN gateways. However, if the traffic is routed via the IPsec tunnel from Site B and accesses the internet on Site A, these sites become unreachable....

    Any ideas what can cause this behaviour?

    Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.