Help Pfsense question
-
Pfsense ipsec, only one vlan from local network can access the vlans on remote network same on the other IPsec side, only VLAN 2 (PFSense VLAN) can access.
-
@Lexgo Show your firewall rules for a non-working VLAN.
Does any software firewall on devices on the remote network allow connections from the source VLAN?
All networks have unique subnets?
-
What's the actual question here? You expect all VLANs on both sides of the IPSec tunnel to be able to connect?
What sort of IPSec is it? In Tunnel/policy mode you would need a Phase2 entry to cover each connection.
-
@stephenw10 yup a tunnel. Correct all VLANs on both sides that is declared on phase 2 be able to connect. Also firewall rules set to any any. As of now only one vlan (PFsense vlan) can access all the subnet on the other side.
-
OK so how are you testing?
Do you see states being created?
Do you packets on the counters for the IPSec status?
Are all the P2s up? Or maybe you have a single P2 covering all the subnets?
Is this pfSense at both ends?
We are going to need a lot more details here to diagnose this.
-
@stephenw10 Yes P2s are up and both sides running pfsense, P2 config local subnet 10.7.0.0/16 remote 10.6.2.0 to 10.6.4.0/24. Firewalls rules for lan and ipsec are set to any any.
-
So like 3 P2s? All up? What traffic does work?
When I'm trouble shooting this I first check the packet counters on the P2s at each end that should be carrying the traffic. If neither is incrementing then traffic probably isn't matching or is blocked or misrouted at the sending end.
-
@stephenw10
here's the P2 config vlan 2-5 can access both ends but vlan6-9 can't access any vlan. -
Hmm, well those P2s don't match so if one side tries to open a P2 with a /16 defined the other side will reject it.
You should see a bunch of errors in the logs for that though. And I wouldn't expect to see the P2s come up in the status.
