Netgate Discussion Forum

    pfSense and Zabbix Agent via IPsec

      kitdavis

      I have a network (A) with a Zabbix server that has VPN connections via pfSense IPsec to three other networks. Two of these networks (B & C) use manual outbound NAT and one (D) uses the automatic outbound rules, as it only has one public IP address. I have set up the Zabbix agent on all four pfSense boxes to use port 10050 to contact the Zabbix server on Network A. The pfSense box on Network D works without a problem (and I have the proxy agent set up and monitoring other hosts on this network). The other pfSense boxes (Network A, B and C) cannot communicate with the Zabbix server. I have set up firewall logging on the A network and I can see the pfSense boxes on networks B & C trying to contact the Zabbix server via port 10050 using their public IP address, but while the firewall rules let the packets pass, the status is TCP:S (which means that it is trying to establish a connection). I can find no entries in the log for the connections from Network A (which should just be a LAN-LAN connection) or from Network D. Other hosts on Network A can establish connections with the Zabbix server, so I don't believe it is a Zabbix problem. Since it works from the pfSense box that doesn't have manual outbound NAT rules, I have been looking there for answers. I've spent two days changing rules and assigning interfaces to no avail. Any ideas where I should look next?

        kitdavis

        Resolved. I had static routes in place so that packets would route between the various firewalls (as per 13.4.4 in the guide book). Once I removed those (coupled with a better understanding of how the agent was communicating with the server), things are now working.
