IPSec VTI routing issue
Hello, I have a similar IPsec VTI issue like this one: https://forum.netgate.com/topic/180158/strange-vti-routing-issue
Here is my setup.
The routed (VTI) IPsec setup is based on https://docs.netgate.com/pfsense/en/latest/vpn/ipsec/routed-vti.html
I have static routes on Site A and Site B pointing at each other, and access between the two sites works fine. The only thing which does not work: I cannot traceroute pfSense A from Site B or pfSense B from Site A (though I can ping them).
Now from time to time some of the clients on Site B have to use the internet gateway on Site A. For this I have a firewall rule on pfSense B:
- Action: Pass
- Interface: LAN
- Address Family: IPv4
- Protocol: Any
- Source: Single host, the IP address of the host
- Destination: Any
- Under advanced settings: Gateway: IPSEC interface (which is defined under System/Routing/Gateways)
And here is the main issue: most sites work as expected, however there are a few sites which I can reach from Site A and can also reach from Site B via the local WAN gateways. However, if the traffic is routed via the IPsec tunnel from Site B and accesses the internet on Site A, these sites become unreachable.
Any ideas what can cause this behaviour?