Multiple pfSense - IPsec



  • Hey guys,
    I am having trouble setting up an IPsec tunnel from a pfSense that sits behind another pfSense to an external host. As you can see in my diagram, we have 2 pfSense routers. The border router (router 1) has one IPsec tunnel set up for the local subnet. Now when I try to set up an IPsec tunnel on router 2, router 1 intercepts the IPsec traffic even though it's meant for router 2.

    The other end of the IPSEC tunnel is getting:

    denied udp XXX.234.42.162(500) -> 202.73.206.209(500), 7 packets

    So it looks like router 1 isn't allowing the IPsec packets through to router 2 even though it's all on public IP space.
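    The denial line quoted above is the kind of evidence that shows which hop is dropping the tunnel setup. As an added example (not code from the thread or from pfSense), the script below parses lines in that format and flags denied IPsec-related traffic: IKE on UDP/500, NAT-T on UDP/4500, and ESP/AH, so an admin can see at a glance which destination address the far end is failing to reach. The exact log format is assumed from the single line in the post (ports in parentheses, a trailing packet count); the sample log lines are constructed for the example.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Log format assumed from the one line quoted in the post:
#   denied udp XXX.234.42.162(500) -> 202.73.206.209(500), 7 packets
# Ports are optional so that protocol-level entries (ESP/AH) without ports also parse.
_LINE_RE = re.compile(
    r"^(?P<action>denied|permitted)\s+(?P<proto>\w+)\s+"
    r"(?P<src>[\w.]+?)(?:\((?P<sport>\d+)\))?\s*->\s*"
    r"(?P<dst>[\w.]+?)(?:\((?P<dport>\d+)\))?,\s*(?P<count>\d+)\s+packets?$"
)


@dataclass
class LogEntry:
    action: str
    proto: str
    src: str
    sport: Optional[int]
    dst: str
    dport: Optional[int]
    count: int


@dataclass
class BlockedIpsec:
    src: str
    dst: str
    service: str
    count: int


def parse_line(line: str) -> Optional[LogEntry]:
    """Parse one log line; return None for lines that do not match the format."""
    m = _LINE_RE.match(line.strip())
    if not m:
        return None
    return LogEntry(
        action=m["action"],
        proto=m["proto"].lower(),
        src=m["src"],
        sport=int(m["sport"]) if m["sport"] else None,
        dst=m["dst"],
        dport=int(m["dport"]) if m["dport"] else None,
        count=int(m["count"]),
    )


def ipsec_service(entry: LogEntry) -> Optional[str]:
    """Name the IPsec component this flow belongs to, or None if it is unrelated."""
    ports = {entry.sport, entry.dport}
    if entry.proto == "udp" and 500 in ports:
        return "IKE"      # ISAKMP key exchange, UDP/500
    if entry.proto == "udp" and 4500 in ports:
        return "NAT-T"    # IKE/ESP encapsulated in UDP/4500
    if entry.proto in ("esp", "50"):
        return "ESP"      # IP protocol 50
    if entry.proto in ("ah", "51"):
        return "AH"       # IP protocol 51
    return None


def find_blocked_ipsec(lines: List[str]) -> List[BlockedIpsec]:
    """Return every denied IPsec-related flow, in log order."""
    found = []
    for line in lines:
        entry = parse_line(line)
        if entry is None or entry.action != "denied":
            continue
        service = ipsec_service(entry)
        if service:
            found.append(BlockedIpsec(entry.src, entry.dst, service, entry.count))
    return found


def blocked_ipsec_packets(lines: List[str]) -> int:
    """Total packets dropped across all denied IPsec flows."""
    return sum(b.count for b in find_blocked_ipsec(lines))


# Constructed sample log: the post's line plus a few made-up neighbours.
SAMPLE_LOG = [
    "denied udp XXX.234.42.162(500) -> 202.73.206.209(500), 7 packets",
    "denied udp XXX.234.42.162(4500) -> 202.73.206.209(4500), 3 packets",
    "permitted tcp 10.0.0.5(51234) -> 202.73.206.209(443), 12 packets",
    "denied esp XXX.234.42.162 -> 202.73.206.209, 2 packets",
    "this line is not a firewall record",
]

if __name__ == "__main__":
    for b in find_blocked_ipsec(SAMPLE_LOG):
        print(f"{b.service:5} {b.src} -> {b.dst}: {b.count} packets denied")
    print("total denied IPsec packets:", blocked_ipsec_packets(SAMPLE_LOG))
```

    If the flagged destination is the inner router (router 2 here) and the denial is logged on the far end, the packets never got past the border router, which points the investigation at router 1's rules and NAT rather than at the IPsec configuration on router 2.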



  • You need firewall rules to allow that traffic through where it's getting blocked.



  • Router 1 already had all ports and IPs completely open to every subnet on router 2. Last night I upgraded router 1 to pfSense 2.0 and switched to manual NAT, and we seem to be getting somewhere.



  • You have to disable NAT too via outbound NAT when you're routing public IPs, on all the systems that are routing public IPs.



  • @cmb:

    You have to disable NAT too via outbound NAT when you're routing public IPs, on all the systems that are routing public IPs.

    Great - good advice. I have disabled it on both routers.

    Just to summarize for everyone: after upgrading to 2.0 and disabling outbound NAT, IPsec is passed through from router 1 to router 2.

