Tunnel accessible one way



  • I have a nice IPSec tunnel setup between pfsense and monowall at 2 locations connected through 1 connection.  Recently I installed another provider at the pfsense side and I am doing a load balanced connection.  Since I have I can not access my remote location (monowall side) since I have done this.    Yet I some servers doing DFS replication CAN access through the tunnel to my other location.    From the remote location I can access everything on the other side no issues.  I have a feeling its an issue where I am being routed to a bad location?

    Is there anything I should set on my local lan so that it routes all the remote subnet to the correct connection?  Obviously the IPSec tunnel is connecting to 1 ISP no failover or anything yet.

    Monowall (10.0.0.0/24)
    |
    PFSense (WAN1)
    |
    (Loabalance WAN1, WAN2)
    |
    LAN (191.168.0.0/18)

    So long story short when on the 191.168.0.0 subnet I can not access the 10.0.0.0 subnet.  I can visa versa.    Is it because my local traffic is being load balanced to the wrong WAN interface?  What is the fix?

    Thanks



  • 1. Traceroute to a host on the other end of the tunnel.
    2. Double check firewall rules on each end of the tunnel and ensure that it is allowing the traffic.



  • Add a firewall rule like this at the loadbalancing pfSense (top of the firewallrules):
    pass, protocol any, source lan subnet, destination network 10.0.0.0/24, gateway default

    This will fix it.


Locked