Netgate Discussion Forum
No routing between vti tunnels

IPsec
ipsec routing vti no route
    Amikhail
    last edited by Amikhail Apr 9, 2025, 3:42 PM Apr 9, 2025, 3:10 PM

    Hi all

    There are five sites connected by IPsec VTI tunnels. All sites are running pfSense 2.7.2 as routers. One site is working as a VPN concentrator for the other sites (branches). Each site is able to ping the concentrator. The concentrator is able to ping every site. The problem: neighbours are unable to ping each other. Each site has a firewall rule passing IPsec traffic from any to any.

    What could be the problem?

    Update: I used the mtr tool to ping from one branch to another. I see a response from the concentrator's side interface of the VTI tunnel and then the traffic stops. It seems like the concentrator does not understand where to route the traffic to. But the routing table is correct and contains proper routing rules.

      Amikhail @Amikhail
      last edited by Apr 9, 2025, 4:53 PM

      Update 2: Fixed it. It is not so clear that the VTI interfaces' IP addresses have to be routed also. To make it simple: use a single /24 subnet for all VTI tunnels and add this subnet to "Static routes" at every site.

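The fix described in this thread can be checked with a small routing model. This is an added example, not part of the original posts or of pfSense. Assumptions: the addresses, the site names (`hub`, `b1`, `b2`), the 10.99.0.0/24 transit block, and that a ping run from the router itself is sourced from its VTI address.

```python
import copy
import ipaddress

# Constructed lab topology (not from the thread): a hub and two branches,
# each VTI tunnel numbered as a /30 out of one transit block.
TRANSIT = "10.99.0.0/24"
SITES = {
    "hub": {"addrs": {"10.99.0.1", "10.99.0.5", "192.168.0.1"},
            "routes": {"10.99.0.0/30": "b1", "10.99.0.4/30": "b2",
                       "192.168.1.0/24": "b1", "192.168.2.0/24": "b2"}},
    "b1": {"addrs": {"10.99.0.2", "192.168.1.1"},
           "routes": {"10.99.0.0/30": "hub", "192.168.0.0/24": "hub",
                      "192.168.2.0/24": "hub"}},
    "b2": {"addrs": {"10.99.0.6", "192.168.2.1"},
           "routes": {"10.99.0.4/30": "hub", "192.168.0.0/24": "hub",
                      "192.168.1.0/24": "hub"}},
}

def next_hop(routes, dst):
    """Longest-prefix match over one site's routing table."""
    hits = [(ipaddress.ip_network(p), hop) for p, hop in routes.items()
            if ipaddress.ip_address(dst) in ipaddress.ip_network(p)]
    return max(hits, key=lambda h: h[0].prefixlen)[1] if hits else None

def walk(sites, node, dst):
    """Follow routes from node until a site owns dst; None if unroutable."""
    path = [node]
    while dst not in sites[node]["addrs"]:
        node = next_hop(sites[node]["routes"], dst)
        if node is None or node in path:  # no route, or a routing loop
            return None
        path.append(node)
    return path

def ping(sites, src_node, src_ip, dst_ip):
    """A ping succeeds only if both the request and the reply are routable."""
    fwd = walk(sites, src_node, dst_ip)
    return bool(fwd) and walk(sites, fwd[-1], src_ip) is not None

def with_transit_route(sites, branches=("b1", "b2")):
    """Copy of sites with the transit block routed via the hub at each branch."""
    fixed = copy.deepcopy(sites)
    for branch in branches:
        fixed[branch]["routes"][TRANSIT] = "hub"
    return fixed

if __name__ == "__main__":
    for label, s in (("before", SITES), ("after", with_transit_route(SITES))):
        print(label, ping(s, "b1", "10.99.0.2", "192.168.2.1"))
```

In the "before" table the request reaches the far branch, but that branch has no route back to the source's VTI address, so the reply is never delivered even though every LAN route is present.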
      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.