PFSence and Zabbix Agent via IPSec

  • I have a network (A) with a Zabbix Server that has VPN connections via PFSense IPSec too three other networks.  Two of these networks (B&C) use manual outbound NAT and one (D) uses the automatic outbound rules as it only has one public IP address.  I have set up the zabbix agent on all four PFSense boxes to use port 10050 to contact the Zabbix server on Network A.  The PFSense box on Network D works without a problem (and I have the proxy agent setup and monitoring other hosts on this network).  The other PFSense boxes (Network A, B and C) can not communicate with the Zabbix server.  I have set up Firewall logging on the A network and I can see the PFSense boxes on networks B&C trying to contact the Zabbix server via port 10050 and using their public IP address but while the firewall rules let the packets pass, the status is TCP:S (which means that it is trying to establish a connection).  I can find no entries in the log for the connections from Network A (which should just be a Lan-Lan connection) or from Network D.  Other hosts on Network A can establish connections with the Zabbix server so I don't believe it is a Zabbix problem.  Since it works from the PFSense box that doesn't have manual outbound NAT rules, I have been looking there for answers.  I've spend two days changing rules and assigning interfaces to no avail.    Any ideas where I should look next?

  • Resolved.  I had a static routes in place so that packets would route between the various firewalls (as per 13.4.4 in the guide book)  Once I removed those (coupled with a better understanding of how the agent was communicating with the server and things are now working)