IPSec problem with one-way traffic flow
-
Hi everyone,
I have set up a tunnel between two 2.7.2CE VM's:
On SiteA pfSense is the primary gateway.
On SiteB pfSense is not the primary gateway.
P1 and P2 come up but I can only get traffic to flow from the 172.16.136.0/24 side to the 10.12.105.0/24 side.
I can ping:
172.16.136.20 to 10.12.105.10
172.16.136.14 to 10.12.105.10
10.12.105.10 to 172.16.136.20
I cannot ping:
10.12.105.10 to 172.16.136.1
10.12.105.10 to 172.16.136.14
My firewall rules right now are Allow Any on all interfaces.
It seems like I am missing something really basic.
Hopefully someone can point me in the right direction.
Thanks!
-
@crosstheroad said in IPSec problem with one-way traffic flow:
On SiteA pfSense is the primary gateway.
On SiteB pfSense is not the primary gateway.
P1 and P2 come up but I can only get traffic to flow from the 172.16.136.0/24 side to the 10.12.105.0/24 side.
So I assume, you have added static routes for site A subnet at B.
How did you do this?
-
@viragomann
Thanks for the reply.
I have not configured any static routes on the pfSense VM's.
I figured since traffic flowed without static routes from B to A that the opposite would be true as well.
On the 172.16.136.14 VM I have added a static route in the OS for traffic destined for 10.12.105.0/24 to route through 172.16.136.20 (instead of the default gateway 172.16.136.1).
I have also added a static route on the 10.12.105.10 VM since it is connected to multiple networks, but can still only reach the site B pfSense LAN IP address and nothing else on that subnet.
What routes should I configure in the pfSense machines?
-
@crosstheroad said in IPSec problem with one-way traffic flow:
On the 172.16.136.14 VM I have added a static route in the OS for traffic destined for 10.12.105.0/24 to route through 172.16.136.20 (instead of the default gateway 172.16.136.1).
I have also added a static route on the 10.12.105.10 VM since it is connected to multiple networks, but can still only reach the site B pfSense LAN IP address and nothing else on that subnet.
You should at least be able to reach 172.16.136.14, which has the static route set.
If the machine doesn't respond though, it probably blocks access from outside of its local subnet by its own firewall.
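The return-path point viragomann is making above, worked through as an added example (not code from this thread or from pfSense): a small longest-prefix-match model of the host routing tables on both sides. Because the pfSense at site B is not the default gateway, a site B host that lacks a static route for 172.16.136.0/24 sends its replies to its real default gateway, and those replies never enter the IPsec SA, which is exactly what a one-way ping result looks like. The addresses for the site A host, its default gateway and the site A pfSense LAN are taken from the thread; the site B pfSense LAN address and the site B default gateway are assumed placeholders.

```python
import ipaddress

# Addresses from the thread: site A host, its default gateway, and the site A pfSense LAN.
SITE_A_PFSENSE_LAN = "172.16.136.20"
SITE_A_DEFAULT_GW = "172.16.136.1"
# Assumed placeholders (the thread does not give them): the site B pfSense LAN address
# and the separate router that is the real default gateway at site B.
SITE_B_PFSENSE_LAN = "10.12.105.1"
SITE_B_DEFAULT_GW = "10.12.105.254"

# Constructed host routing tables as (prefix, next hop) pairs; "direct" marks a
# connected subnet that needs no gateway.
SITE_A_HOST = [            # 172.16.136.14 as described in the thread
    ("0.0.0.0/0", SITE_A_DEFAULT_GW),
    ("172.16.136.0/24", "direct"),
    ("10.12.105.0/24", SITE_A_PFSENSE_LAN),
]
SITE_B_HOST_NO_ROUTE = [   # a site B host with only its default route
    ("0.0.0.0/0", SITE_B_DEFAULT_GW),
    ("10.12.105.0/24", "direct"),
]
SITE_B_HOST_WITH_ROUTE = SITE_B_HOST_NO_ROUTE + [
    ("172.16.136.0/24", SITE_B_PFSENSE_LAN),   # static route towards the tunnel endpoint
]


def next_hop(routes, dst):
    """Longest-prefix match over a host routing table; None when nothing matches."""
    addr = ipaddress.ip_address(dst)
    best_net, best_hop = None, None
    for prefix, hop in routes:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best_net is None or net.prefixlen > best_net.prefixlen):
            best_net, best_hop = net, hop
    return best_hop


def path_symmetric(src_routes, src_tunnel_gw, dst_routes, dst_tunnel_gw, src, dst):
    """True only when the request leaves src via its tunnel gateway AND the reply
    leaves dst via its tunnel gateway. A reply handed to any other next hop is
    routed outside the IPsec SA, so the ping appears to work in one direction only."""
    forward_ok = next_hop(src_routes, dst) == src_tunnel_gw
    reverse_ok = next_hop(dst_routes, src) == dst_tunnel_gw
    return forward_ok and reverse_ok


def explain(src_routes, src_tunnel_gw, dst_routes, dst_tunnel_gw, src, dst):
    """Human-readable diagnosis of the two directions of one ping."""
    return (f"{src} -> {dst}: next hop {next_hop(src_routes, dst)} "
            f"({'tunnel' if next_hop(src_routes, dst) == src_tunnel_gw else 'NOT tunnel'}); "
            f"reply {dst} -> {src}: next hop {next_hop(dst_routes, src)} "
            f"({'tunnel' if next_hop(dst_routes, src) == dst_tunnel_gw else 'NOT tunnel'})")


if __name__ == "__main__":
    for table in (SITE_B_HOST_NO_ROUTE, SITE_B_HOST_WITH_ROUTE):
        print(explain(SITE_A_HOST, SITE_A_PFSENSE_LAN, table, SITE_B_PFSENSE_LAN,
                      "172.16.136.14", "10.12.105.10"))
```

The model covers only host routing; it does not represent the pfSense phase 2 traffic selectors or the host firewall viragomann mentions, either of which can block a reply even when the route is correct. Running the script shows the site B host without the static route answering towards its default gateway and the same host with the route answering towards the tunnel endpoint.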