Multiple pfSense - IPsec



  • Hey guys,
    I am having trouble setting up an IPsec tunnel from a pfSense that sits behind another pfSense to an external host. As you can see in my diagram, we have 2 pfSense routers. The border router (router 1) has one IPsec tunnel set up for the local subnet. Now when I try to set up an IPsec tunnel on Router 2, Router 1 intercepts the IPsec traffic even though it's meant for router 2.

    The other end of the IPSEC tunnel is getting:

    denied udp XXX.234.42.162(500) -> 202.73.206.209(500), 7 packets

    So it looks like router 1 isn't allowing the IPsec packets through to router 2 even though it's all on public IP space.



  • You need firewall rules to allow that traffic through where it's getting blocked.



  • Router 1 already had all ports and IPs completely open to every subnet on Router 2. Last night I upgraded router 1 to pfSense 2.0 and switched to manual NAT and we seem to be getting somewhere.



  • You have to disable NAT too via outbound NAT when you're routing public IPs, on all the systems that are routing public IPs.



  • @cmb:

    You have to disable NAT too via outbound NAT when you're routing public IPs, on all the systems that are routing public IPs.

    Great - good advice. I have disabled it on both routers.

    Just to summarize for everyone: after upgrading to 2.0 and disabling outbound NAT, IPsec is passed through from Router 1 to Router 2.
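The deny line quoted in the first post and the outbound-NAT explanation in the later replies describe the same failure from two sides: the remote peer sees IKE (UDP 500), NAT-T (UDP 4500) or ESP arriving from an address it does not have a phase 1 configured for, because the upstream router rewrote the source. The following Python is an added example, not code from the thread or from pfSense: it parses deny lines in the format the remote end logged and reports whether the source matches the expected peer (Router 2's WAN address), matches the upstream router (Router 1 is still applying outbound NAT), or is something else. All addresses are constructed placeholders from documentation ranges; the partially redacted address in the thread is not reused.

```python
import re
from ipaddress import ip_address

# Constructed topology for the example (assumption, not the thread's real addresses):
# Router 1 is the border router, Router 2 sits behind it on routed public space.
ROUTER1_WAN = "198.51.100.1"
ROUTER2_WAN = "198.51.100.7"
REMOTE_PEER = "203.0.113.9"

# Constructed sample lines in the same shape as the remote firewall's log entry.
# The first two show what an upstream NAT produces: IKE and NAT-T now appear to
# come from Router 1's WAN address instead of Router 2's.
SAMPLE_LOGS = [
    "denied udp 198.51.100.1(500) -> 203.0.113.9(500), 7 packets",
    "denied udp 198.51.100.1(4500) -> 203.0.113.9(4500), 3 packets",
    "denied esp 198.51.100.7 -> 203.0.113.9, 12 packets",
    "denied tcp 198.51.100.7(40012) -> 203.0.113.9(22), 1 packets",
]

LOG_RE = re.compile(
    r"^(?P<action>\w+)\s+(?P<proto>\w+)\s+"
    r"(?P<src>[\d.]+)(?:\((?P<sport>\d+)\))?\s+->\s+"
    r"(?P<dst>[\d.]+)(?:\((?P<dport>\d+)\))?,\s+(?P<count>\d+)\s+packets?$"
)


def parse_line(line):
    """Parse one 'denied proto src(port) -> dst(port), N packets' line into a dict."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    entry = m.groupdict()
    entry["sport"] = int(entry["sport"]) if entry["sport"] else None
    entry["dport"] = int(entry["dport"]) if entry["dport"] else None
    entry["count"] = int(entry["count"])
    return entry


def classify_ipsec(entry):
    """Return 'ike', 'nat-t', 'esp' for IPsec control/data traffic, else None."""
    proto = entry["proto"].lower()
    if proto == "esp":
        return "esp"
    if proto == "udp" and entry["dport"] == 500:
        return "ike"
    if proto == "udp" and entry["dport"] == 4500:
        return "nat-t"
    return None


def diagnose(line, expected_peer, upstream_router):
    """Explain why the remote side dropped an IPsec packet from our network.

    finding values:
      peer-matches       source is the configured peer; the drop is a rule problem
      upstream-nat       source is the upstream router: outbound NAT is still on
      unexpected-source  IPsec traffic from an address we do not expect at all
      not-ipsec          the line is unrelated to the tunnel
    """
    entry = parse_line(line)
    if entry is None:
        return {"parsed": False}
    kind = classify_ipsec(entry)
    src = ip_address(entry["src"])
    if kind is None:
        finding = "not-ipsec"
    elif src == ip_address(expected_peer):
        finding = "peer-matches"
    elif src == ip_address(upstream_router):
        finding = "upstream-nat"
    else:
        finding = "unexpected-source"
    return {"parsed": True, "kind": kind, "finding": finding,
            "src": str(src), "packets": entry["count"]}


def summarize(lines, expected_peer, upstream_router):
    """Aggregate dropped packet counts per finding across many log lines."""
    totals = {}
    for line in lines:
        result = diagnose(line, expected_peer, upstream_router)
        if result["parsed"]:
            totals[result["finding"]] = totals.get(result["finding"], 0) + result["packets"]
    return totals


if __name__ == "__main__":
    for line in SAMPLE_LOGS:
        print(diagnose(line, ROUTER2_WAN, ROUTER1_WAN))
    print(summarize(SAMPLE_LOGS, ROUTER2_WAN, ROUTER1_WAN))
```

Run against the constructed lines, IKE and NAT-T are reported as `upstream-nat` (10 packets), which is the symptom the thread's fix addresses by disabling outbound NAT on every router that forwards the public range, while the ESP line is `peer-matches`, pointing at a firewall rule rather than translation.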

