PFSense and Zabbix Agent via IPSec
-
I have a network (A) with a Zabbix Server that has VPN connections via PFSense IPSec to three other networks. Two of these networks (B&C) use manual outbound NAT and one (D) uses the automatic outbound rules as it only has one public IP address. I have set up the Zabbix agent on all four PFSense boxes to use port 10050 to contact the Zabbix server on Network A. The PFSense box on Network D works without a problem (and I have the proxy agent set up and monitoring other hosts on this network). The other PFSense boxes (Network A, B and C) cannot communicate with the Zabbix server. I have set up firewall logging on the A network and I can see the PFSense boxes on networks B&C trying to contact the Zabbix server via port 10050 and using their public IP address, but while the firewall rules let the packets pass, the status is TCP:S (which means that it is trying to establish a connection). I can find no entries in the log for the connections from Network A (which should just be a LAN-LAN connection) or from Network D. Other hosts on Network A can establish connections with the Zabbix server, so I don't believe it is a Zabbix problem. Since it works from the PFSense box that doesn't have manual outbound NAT rules, I have been looking there for answers. I've spent two days changing rules and assigning interfaces to no avail. Any ideas where I should look next?
-
Resolved. I had static routes in place so that packets would route between the various firewalls (as per 13.4.4 in the guide book). Once I removed those (coupled with a better understanding of how the agent was communicating with the server), things are now working.