4. Multiple PFsense - IPSEC

Multiple PFsense - IPSEC

  • Z

    Hey guys,
    I am having trouble setting up an IPSEC tunnel from a PFsense that sits behind another PFsense to an external host. As you can see in my diagram, we have 2 PFsense routers. The border router (router 1) has one IPSEC tunnel setup for the local subnet. Now when I try to setup an IPSEC tunnel on Router 2, Router 1 intercepts the IPSEC traffic even though its meant for router 2.

    The other end of the IPSEC tunnel is getting:

    denied udp XXX.234.42.162(500) -> 202.73.206.209(500), 7 packets

    So it looks like router1 isn't allowing the ipsec packets through to router2 even though its all on public IP space.

    0
  • C

    you need firewall rules to allow that traffic through where it's getting blocked

    0
  • Z

    Router 1 already had all ports and IPs completely open to every subnet on Router 2. Last night i upgraded router 1 to PFsense 2.0 and switched to manual NAT and we seem to be getting somewhere.

    0
  • C

    You have to disable NAT too via outbound NAT when you're routing public IPs, on all the systems that are routing public IPs.

    0
  • Z

    @cmb:

    You have to disable NAT too via outbound NAT when you're routing public IPs, on all the systems that are routing public IPs.

    Great - good advice. I have disabled it on both routers.

    Just to summarize to everyone, after upgrading to 2.0 and disabling outbound NAT, IPSEC is passed through from Router1 to Router2.

    0
Locked
 

Products

Applications

Support

Services

News

Resources

Company

Our Mission

As host of the pfSense open source firewall project, Netgate believes in enhancing network connectivity that maintains both security and privacy. We also believe everyone should be able to afford it.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2002 - 2018 Rubicon Communications, LLC | Privacy Policy