What do I have to do to see any host in the other subnet



  • Hi, I've just connected an IPsec tunnel between 2 subnets, 192.168.1.0 and 192.168.2.0. This is fine, it connects perfectly, but my question is: what do I have to do now to see any host in the other subnet? In 192.168.2.0 the pfSense connects by PPPoE and the WAN interface has a public IP, but in 192.168.1.0 the pfSense's WAN interface is 192.168.1.1 and has a gateway (192.168.1.254) that's a Thomson router which has the public IP. As you well know, I had to do port forward with ports 50 and 500 tcp,ip to the firewall, but I don't know if I have to put some NAT rules or static routes or maybe both. Please help me ;D
    Thanks


  • Rebel Alliance Developer Netgate

    Just to be clear, it sounds like this:

    Site A:

    • WAN Subnet is public, PPPoE
    • LAN Subnet is 192.168.2.x

    Site B:

    • WAN Subnet is private, 192.168.1.x
    • LAN Subnet is also 192.168.1.x

    Is that right? If so, that won't work. The LAN and WAN subnets must be different at Site B, and that may be part of your problem.

    However, if the tunnel comes up OK, you may just be missing the firewall rules for IPsec. Go to Firewall > Rules, IPsec tab on both sites and add an allow all rule (or allow whatever you like) - be sure the protocol on the rule is 'any' and not TCP or else you can't ping over the tunnel.
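
The two checks from the reply above, as an added example that is not part of the original posts: it flags a site whose WAN and LAN share a subnet (and, going slightly beyond the thread, two sites whose LANs overlap), and models why a TCP-only rule on the IPsec tab does not pass ping. The /24 masks, the 203.0.113.0/24 placeholder for the public WAN, the 192.168.10.0/24 renumbered LAN and the simplified first-match rule model are assumptions.

```python
import ipaddress

# Constructed sample data; /24 masks and the public WAN placeholder are assumptions.
AS_POSTED = {
    "Site A": {"wan": "203.0.113.0/24", "lan": "192.168.2.0/24"},
    "Site B": {"wan": "192.168.1.0/24", "lan": "192.168.1.0/24"},
}
# Hypothetical fix: Site B LAN renumbered so it no longer matches its WAN.
RENUMBERED = {
    "Site A": {"wan": "203.0.113.0/24", "lan": "192.168.2.0/24"},
    "Site B": {"wan": "192.168.1.0/24", "lan": "192.168.10.0/24"},
}

def check_sites(sites):
    """Return a list of addressing problems for a site-to-site IPsec plan."""
    nets = {name: {k: ipaddress.ip_network(v) for k, v in s.items()}
            for name, s in sites.items()}
    problems = []
    # A firewall cannot route between two interfaces that sit in the same subnet.
    for name, n in nets.items():
        if n["wan"].overlaps(n["lan"]):
            problems.append(f"{name}: WAN {n['wan']} overlaps LAN {n['lan']}")
    # If both LANs overlap, hosts treat the remote side as local and never
    # send the traffic to the gateway, so it never enters the tunnel.
    names = sorted(nets)
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            if nets[a]["lan"].overlaps(nets[b]["lan"]):
                problems.append(f"{a}/{b}: LAN subnets overlap")
    return problems

def rule_passes(rules, proto):
    """Simplified IPsec-tab model: first matching rule wins, default deny.

    Each rule is (action, protocol); only the protocol field is modelled.
    """
    for action, rule_proto in rules:
        if rule_proto in ("any", proto):
            return action == "pass"
    return False

if __name__ == "__main__":
    for label, plan in (("as posted", AS_POSTED), ("renumbered", RENUMBERED)):
        print(label, check_sites(plan) or "no addressing problems")
    print("ping with TCP-only rule:", rule_passes([("pass", "tcp")], "icmp"))
    print("ping with 'any' rule:   ", rule_passes([("pass", "any")], "icmp"))
```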

