IPSec issues between 2 pfSense boxes.



  • Ok all, a friend and I are setting up a VPN tunnel between our places to make our lives easier. We have successfully gotten the tunnel up and running and the status page shows green, however we aren't able to ping any hosts on each other's networks. He has a 192.168.111.0/24 network and I have a 10.1.0.0/16 network. I added a 192.168.111.x address to my server thinking that would fix the issue, however no dice.

    Any ideas?



  • Did you create the firewall rules? They aren't created automatically when you add a tunnel. You will need to go to the firewall rules page then click on the IPSec tab and create the rules for whatever traffic you want to pass on the tunnel.



  • Yes, I have already created all the rules.



  • 9/10 this will be a NAT issue. Verify your NAT statements and make sure it's not being NATted before traversing the tunnel.



  • @C7J0yC3:

    I added a 192.168.111.x address to my server thinking that would fix the issue, however no dice.

    That will prevent it from working as it breaks proper routing between the networks; don't do that. Verify your IPsec rules, check firewall logs to see if you set them up wrong and are blocking the traffic.

    @voona:

    9/10 this will be a NAT issue. Verify your NAT statements and make sure it's not being NATted before traversing the tunnel.

    Not true, NAT has no relevance, IPsec picks it up first.
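
Added example, not part of the thread or any poster's own code: a longest-prefix-match simulation of the server's routing table, showing why the extra 192.168.111.x address described above stops traffic from ever reaching pfSense and the tunnel. The server address 10.1.0.20, gateway 10.1.0.1, alias 192.168.111.200 and remote host 192.168.111.50 are constructed values.

```python
import ipaddress

DEFAULT = ipaddress.ip_network("0.0.0.0/0")


def build_routes(interface_addrs, default_gw):
    """Build a host routing table: one connected (on-link) route per
    configured interface address, plus a default route via the gateway."""
    routes = [(DEFAULT, default_gw)]
    for addr in interface_addrs:
        # ip_interface("10.1.0.20/16").network -> 10.1.0.0/16
        routes.append((ipaddress.ip_interface(addr).network, "on-link"))
    return routes


def next_hop(interface_addrs, default_gw, dst):
    """Return the next hop chosen by longest-prefix match for dst."""
    dst = ipaddress.ip_address(dst)
    matches = [(net, hop)
               for net, hop in build_routes(interface_addrs, default_gw)
               if dst in net]
    # The most specific (longest prefix) matching route wins.
    _, hop = max(matches, key=lambda route: route[0].prefixlen)
    return hop


# Constructed sample values (assumptions, not taken from the thread).
SERVER = "10.1.0.20/16"          # server on the 10.1.0.0/16 LAN
ALIAS = "192.168.111.200/24"     # the extra 192.168.111.x address
GATEWAY = "10.1.0.1"             # local pfSense LAN address
REMOTE_HOST = "192.168.111.50"   # host on the friend's LAN

if __name__ == "__main__":
    # Without the alias: the default route sends the packet to pfSense,
    # which can match it against the IPsec tunnel.
    print("no alias  ->", next_hop([SERVER], GATEWAY, REMOTE_HOST))
    # With the alias: a connected /24 route is more specific, so the
    # server ARPs for the remote host on its own LAN and the packet
    # never reaches pfSense.
    print("with alias ->", next_hop([SERVER, ALIAS], GATEWAY, REMOTE_HOST))
```
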



  • Ahh, misread the topic; thought it was to a Cisco box for some reason.

    My bad



  • Here is a screenshot of the IPSec rule

    We want all traffic to be able to pass through this VPN (we know the risks etc) so that's why I have basically a pass all rule.

