Does your IPsec site-to-site work fine?

  • I use pfSense 2.0-RC2 [(i386) built on Wed Jun 8 17:55:26 EDT 2011] and another VPN gateway connected over an IPsec tunnel as follows:

        192.168.18.0/24 ---- pfSense 2.0 (192.168.18.1) <------------> other VPN Gateway (192.168.2.1) ---- 192.168.2.0/24
              |                                                                                                  |
        pc1 (192.168.18.45)                                                                              pc2 (192.168.2.231)

    The IPsec tunnel connects normally, as pfSense shows, and the status shows the tunnel is online. From pc1 (192.168.18.45) I can successfully ping pc2 (192.168.2.231) and 192.168.2.1, but from pc2 (192.168.2.231) I can't ping pc1 or pfSense 2.0. In the firewall rules I added an "ipsec" rule passing any to any, but in the system log I find the ICMP from 192.168.2.231 to 192.168.18.45 is blocked. I don't know why pfSense 2.0 blocks the packet. Guys, does your IPsec site-to-site work fine?

    ipsec rule:
        ID  Proto  Source  Port  Destination  Port  Gateway  Queue  Schedule  Description
            *      *       *     *            *     WAN      none

    system log:
        pass   Jun 14 15:51:37  LAN   192.168.18.45  192.168.2.231  ICMP
        block  Jun 14 15:52:47  enc0  192.168.2.231  192.168.18.45  ICMP



  • My site-to-site works fine.  I did have to add allow rules for traffic going from Site A (ASG 220) to Site B (pfSense 2.0 RC2).  You might want to look at the firewall log to see if packets are getting dropped on the pfSense side.



  • @mmiller:

    My site-to-site works fine.  I did have to add allow rules for traffic going from Site A (ASG 220) to Site B (pfSense 2.0 RC2).  You might want to look at the firewall log to see if packets are getting dropped on the pfSense side.

    First, thank you very much!
    Yes, in pfSense 2.0 RC2 I added rules in the "ipsec" tab to allow all traffic in and out, but in the firewall log I can see the incoming traffic is blocked!
    ------------------------
    I modified the ipsec rules to:
        pass  any  any  to  LAN subnet
        pass  any  LAN  to  any
    Now it works!
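As an added check (example code, not from the thread or from pfSense), this script parses the filter-log lines quoted in the first post, flags blocked packets that arrived on enc0 from the remote subnet, and tests whether the rule set described after the fix (any to LAN subnet, LAN subnet to any) would cover them. The rule matcher is a hypothetical first-match simplification, not pfSense's real evaluation.

```python
import ipaddress
import re

# Subnets from the thread: pfSense side (LAN) and the other gateway's side.
LOCAL_NET = ipaddress.ip_network("192.168.18.0/24")
REMOTE_NET = ipaddress.ip_network("192.168.2.0/24")

# Constructed input: the two filter-log lines quoted in the first post.
SAMPLE_LOG = """\
pass   Jun 14 15:51:37 LAN   192.168.18.45    192.168.2.231  ICMP
block  Jun 14 15:52:47 enc0  192.168.2.231    192.168.18.45  ICMP
"""
LOG_RE = re.compile(r"^(pass|block)\s+(\w{3} \d+ [\d:]+)\s+(\S+)\s+(\S+)\s+(\S+)\s+(\S+)")

def parse_log(text):
    """Parse the simplified filter-log rendering into dicts (IPs as ip_address)."""
    entries = []
    for line in text.splitlines():
        m = LOG_RE.match(line.strip())
        if m:
            action, ts, iface, src, dst, proto = m.groups()
            entries.append({"action": action, "time": ts, "iface": iface,
                            "src": ipaddress.ip_address(src),
                            "dst": ipaddress.ip_address(dst), "proto": proto})
    return entries

def blocked_tunnel_flows(entries):
    """Blocked packets that arrived on enc0 from the remote subnet bound for the
    local one, i.e. the IPsec-tab rules are not covering inbound tunnel traffic."""
    return [e for e in entries
            if e["action"] == "block" and e["iface"] == "enc0"
            and e["src"] in REMOTE_NET and e["dst"] in LOCAL_NET]

def rule_covers(rules, entry):
    """Hypothetical first-match model of (src, dst, action) rules on the IPsec tab.
    A simplification, not pfSense's real evaluation (states, gateway, rule order)."""
    for src, dst, action in rules:
        if src != "any" and entry["src"] not in ipaddress.ip_network(src):
            continue
        if dst != "any" and entry["dst"] not in ipaddress.ip_network(dst):
            continue
        return action == "pass"
    return False  # nothing matched: default deny

# The rules as described after the fix: any -> LAN subnet, LAN subnet -> any.
IPSEC_TAB_RULES = [("any", str(LOCAL_NET), "pass"), (str(LOCAL_NET), "any", "pass")]

def uncovered_blocked_flows(text=SAMPLE_LOG, rules=IPSEC_TAB_RULES):
    """Blocked enc0 flows that the candidate rule set would still not pass."""
    return [e for e in blocked_tunnel_flows(parse_log(text)) if not rule_covers(rules, e)]
```

Run it against a paste of your own filter log: any entry it still reports is a tunnel flow your IPsec-tab rules do not pass.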



  • Sorry, I was doing too many things at the same time while trying to formulate my last post.  I should have said to add rules to the IPsec filters and the LAN filters.  I'm glad to hear that yours is now working.