Another ipsec up but no traffic pfsense to pfsense



  • I have an ipsec tunnel up from my house to a friend's house, pfsense 2.0rc1 to pfsense 2.0rc1, and it works great!

    However, setting up a tunnel from my house to the office, pfsense 2.0rc1 to pfsense 2.0rc1, the connection goes up but I am unable to ping through the tunnel.
    I have set up a pass all rule on the ipsec firewall tab (not just tcp but all).

    The network looks like this.

    myhouse:
    cable modem > pfsense > network 192.168.1.1/24
    office:
    cable modem > pfsense > network 192.168.0.1/24

    If I do a packet capture of the ipsec interfaces on both pfsense boxes and ping from my laptop on my home network to the remote pfsense box (or any pc on that network), I get the following response:

    my home pfsense box:

    
    19:18:30.834293 (authentic,confidential): SPI 0x0b5c4d16: IP 192.168.1.1 > 192.168.0.1: ICMP echo request, id 27572, seq 0, length 64
    19:18:31.836629 (authentic,confidential): SPI 0x0b5c4d16: IP 192.168.1.1 > 192.168.0.1: ICMP echo request, id 27572, seq 1, length 64
    19:18:32.846622 (authentic,confidential): SPI 0x0b5c4d16: IP 192.168.1.1 > 192.168.0.1: ICMP echo request, id 27572, seq 2, length 64
    19:18:33.856629 (authentic,confidential): SPI 0x0b5c4d16: IP 192.168.1.1 > 192.168.0.1: ICMP echo request, id 27572, seq 3, length 64
    19:18:34.866650 (authentic,confidential): SPI 0x0b5c4d16: IP 192.168.1.1 > 192.168.0.1: ICMP echo request, id 27572, seq 4, length 64
    19:18:35.876658 (authentic,confidential): SPI 0x0b5c4d16: IP 192.168.1.1 > 192.168.0.1: ICMP echo request, id 27572, seq 5, length 64
    19:18:36.886665 (authentic,confidential): SPI 0x0b5c4d16: IP 192.168.1.1 > 192.168.0.1: ICMP echo request, id 27572, seq 6, length 64
    19:18:37.896673 (authentic,confidential): SPI 0x0b5c4d16: IP 192.168.1.1 > 192.168.0.1: ICMP echo request, id 27572, seq 7, length 64
    19:18:38.906685 (authentic,confidential): SPI 0x0b5c4d16: IP 192.168.1.1 > 192.168.0.1: ICMP echo request, id 27572, seq 8, length 64
    19:18:39.916698 (authentic,confidential): SPI 0x0b5c4d16: IP 192.168.1.1 > 192.168.0.1: ICMP echo request, id 27572, seq 9, length 64
    
    

    office pfsense box:

    And it looks the same if I ping from the office to my home as well: nothing shows up on the other end.

    If I was diagnosing this, my first question would be "do you have an ipsec firewall rule", but I do on both boxes; the firewall rule is attached.

    Any ideas? Anything else to try? Any more information needed?
    ![Screen shot 2011-03-03 at 7.33.58 PM.png](/public/imported_attachments/1/Screen shot 2011-03-03 at 7.33.58 PM.png)



  • Anyone?  ;D



  • The code box for the office pfsense is empty. Does it mean nothing is seen on the capture?



  • Sure does, nothing shows up at all.



  • What is the exact command you've used to capture traffic?



  • I just used the GUI.



  • Hi,
    Can you take a SS of both of your configs or write them out here?
    Sounds like it's probably a subnet thing or possibly another problem.
    Also, are there any errors in the logs under the Status -> System Logs -> IPsec section?

    -E

