Netgate Discussion Forum

    Site-to-Site VPN Configuration on pfSense with Source NAT

      desbravastus

      Hey everyone, I need some help.

      I’ve set up a site-to-site VPN with a Juniper device, but I’m running into an issue. Here are the configurations:

      Peer Gateway: 17x.xx.xxx.xx4
      Local Peer: 10.xxx.xxx.xx/32
      Remote Peer: 10.x.x.x/8
      Source NAT IP: 10.xxx.xxx.xx/32
      The tunnel is configured and successfully established in both phases (IKE and IPsec). I can ping the Peer Gateway, but when trying to access the address http://10.x.x.xxx:8080, the connection doesn’t work.

      Upon checking the logs, the connection state shows as CLOSED:SYN_SENT or SYN_SENT:CLOSED.

      Has anyone faced a similar issue or has an idea of what might be causing this?

      Any help is greatly appreciated!

        viragomann @desbravastus

        @desbravastus
        There is no good reason for obscuring private IP addresses at all. Nobody is able to access them from outside your network.

        Remote Peer: 10.x.x.x/8

        The remote site is an /8? Wow! Does it really accommodate that many devices?

        Source NAT IP: 10.xxx.xxx.xx/32

        Seems to overlap the remote network...

          desbravastus

          The issue was related to the port 8080 rule on the Juniper device. After making the adjustment, access was granted, and everything worked perfectly.
          Thank you!

          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.