Tunnel accessible one way

  • I have a nice IPSec tunnel setup between pfsense and monowall at 2 locations connected through 1 connection.  Recently I installed another provider at the pfsense side and I am doing a load balanced connection.  Since I have I can not access my remote location (monowall side) since I have done this.    Yet I some servers doing DFS replication CAN access through the tunnel to my other location.    From the remote location I can access everything on the other side no issues.  I have a feeling its an issue where I am being routed to a bad location?

    Is there anything I should set on my local lan so that it routes all the remote subnet to the correct connection?  Obviously the IPSec tunnel is connecting to 1 ISP no failover or anything yet.

    Monowall (
    PFSense (WAN1)
    (Loabalance WAN1, WAN2)
    LAN (

    So long story short when on the subnet I can not access the subnet.  I can visa versa.    Is it because my local traffic is being load balanced to the wrong WAN interface?  What is the fix?


  • 1. Traceroute to a host on the other end of the tunnel.
    2. Double check firewall rules on each end of the tunnel and ensure that it is allowing the traffic.

  • Add a firewall rule like this at the loadbalancing pfSense (top of the firewallrules):
    pass, protocol any, source lan subnet, destination network, gateway default

    This will fix it.

Log in to reply