Your browser does not seem to support JavaScript. As a result, your viewing experience will be diminished, and you have been placed in read-only mode.

Please download a browser that supports JavaScript, or enable it if it's disabled (i.e. NoScript).

IPsec Tunnel - LAN can’t reach VPN clients

1 Posts 1 Posters 67 Views

Log in to reply

A

Alek
last edited by
Hi,

We have a site-to-site IPsec tunnel between a Fortinet firewall (remote) and our pfSense (local).

Setup:
- Remote LAN (Fortinet): 10.0.0.0/8
- Local LAN (Pfsense): 20.20.78.0/29
- VPN Server: Behind pfSense (VPN IP 20.20.78.2), running Pritunl
  Hosts VPN clients on 192.168.214.0/23 and 192.168.216.0/23
- Phase 2 entries:
  - Local: 20.20.78.0/29
  - Remote: 10.0.0.0/8
  - Same on Fortinet
What works:
- VPN clients <-> Internal LAN (10.0.0.0/8):
- VPN server <-> Internal LAN (10.0.0.0/8):
- Internal LAN Ping <-> VPN server:
What doesn’t:
- Internal LAN -> VPN clients (192.168.214.x)
  - ICMP echo seen on pfSense IPsec capture
  - Nothing seen on VPN server tun interfaces
  - Clients can reply to internal just fine (asymmetric?)
Is this a NAT or policy route issue?
Any way to SNAT/route traffic from internal -> VPN clients so replies come back through IPsec ?

Thanks !
1 Reply Last reply
Reply Quote 0

Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.

1 / 1