Netgate Discussion Forum

    No routing between vti tunnels

      Amikhail

      Hi all

      There are five sites connected by IPsec VTI tunnels. All sites are running pfSense 2.7.2 as routers. One site is working as a VPN concentrator for the other sites (branches). Each site is able to ping the concentrator. The concentrator is able to ping every site. The problem: neighbours are unable to ping each other. Each site has a firewall rule passing IPsec traffic from any to any.

      What could be the problem?

      Update: I used the mtr tool to ping from one branch to another. I see a response from the concentrator's side interface of the VTI tunnel and the traffic stops. It seems like the concentrator does not understand where to route the traffic to. But the routing table is correct and contains proper routing rules.

        Amikhail @Amikhail

        Update 2: Fixed it. It is not so clear that the VTI interfaces' IP addresses have to be routed as well. To make it simple: use a single /24 subnet for all VTI tunnels and add this subnet to "Static routes" at every site.

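The condition described in the fix above can be checked offline before touching any router. The following is an added example, not part of the original posts and not pfSense code: it lists every VTI address a site has no route to, then repeats the check with one covering /24 static route added at every site. Site names, addresses and route tables are constructed, and it assumes that traffic a router originates over a tunnel is sourced from its VTI address.

```python
import ipaddress

# Constructed topology: /30 transit networks carved from 10.99.0.0/24.
# "vti"    = the site's own tunnel interface addresses
# "routes" = prefixes the site can reach (connected + static).
# Assumption: no default route points into the tunnels.
SITES = {
    "hub": {"vti": ["10.99.0.1", "10.99.0.5"],
            "routes": ["10.99.0.0/30", "10.99.0.4/30", "192.168.0.0/24",
                       "192.168.1.0/24", "192.168.2.0/24"]},
    "branch_a": {"vti": ["10.99.0.2"],
                 "routes": ["10.99.0.0/30", "192.168.1.0/24",
                            "192.168.0.0/24", "192.168.2.0/24"]},
    "branch_b": {"vti": ["10.99.0.6"],
                 "routes": ["10.99.0.4/30", "192.168.2.0/24",
                            "192.168.0.0/24", "192.168.1.0/24"]},
}

def has_route(routes, addr):
    """True if any prefix in the route list covers addr."""
    ip = ipaddress.ip_address(addr)
    return any(ip in ipaddress.ip_network(p) for p in routes)

def unrouted_vti(sites):
    """Sorted (site, owner, vti_ip) triples: site cannot reach owner's VTI address."""
    missing = []
    for name, site in sites.items():
        for owner, other in sites.items():
            if owner == name:
                continue
            for ip in other["vti"]:
                if not has_route(site["routes"], ip):
                    missing.append((name, owner, ip))
    return sorted(missing)

def with_static_route(sites, prefix):
    """Copy of the topology with one extra static route at every site."""
    return {n: {"vti": list(s["vti"]), "routes": s["routes"] + [prefix]}
            for n, s in sites.items()}

if __name__ == "__main__":
    for site, owner, ip in unrouted_vti(SITES):
        print(f"{site}: no route to {owner} VTI address {ip}")
    fixed = with_static_route(SITES, "10.99.0.0/24")
    print("after adding 10.99.0.0/24 everywhere:", unrouted_vti(fixed))
```

In the constructed tables the LAN prefixes are routed everywhere, yet each branch still lacks a route to the other branch's tunnel address and to the hub's address on the other tunnel.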
        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.