Tunnel accessible one way
I have a nice IPSec tunnel setup between pfsense and monowall at 2 locations connected through 1 connection. Recently I installed another provider at the pfsense side and I am doing a load balanced connection. Since I have I can not access my remote location (monowall side) since I have done this. Yet I some servers doing DFS replication CAN access through the tunnel to my other location. From the remote location I can access everything on the other side no issues. I have a feeling its an issue where I am being routed to a bad location?
Is there anything I should set on my local lan so that it routes all the remote subnet to the correct connection? Obviously the IPSec tunnel is connecting to 1 ISP no failover or anything yet.
(Loabalance WAN1, WAN2)
So long story short when on the 220.127.116.11 subnet I can not access the 10.0.0.0 subnet. I can visa versa. Is it because my local traffic is being load balanced to the wrong WAN interface? What is the fix?
1. Traceroute to a host on the other end of the tunnel.
2. Double check firewall rules on each end of the tunnel and ensure that it is allowing the traffic.
Add a firewall rule like this at the loadbalancing pfSense (top of the firewallrules):
pass, protocol any, source lan subnet, destination network 10.0.0.0/24, gateway default
This will fix it.