Netgate Discussion Forum

    PfSense Can't ping across tunnel but devices behind pfSense can.

      AuZZZie

      I have an IPSEC tunnel to a Cisco ASA 5510 at the Headend from my pfSense box and it works fine. The problem I have is traffic from the pfSense box itself cannot go across the tunnel. Anything behind pfSense can ping across but not the firewall itself.

      Any ideas?

        Stephane

        Hi AuZZZie,

        Is your pfSense IP address included in the protected traffic?
        If possible, could you provide more information about your configuration (pfSense version, pfSense LAN address, protected local and remote subnet, …)?

        Stephane

          AuZZZie

          Thanks.

          I'm using the latest 2.0 Final Release. Just installed. Basic 2 WAN/LAN interface config. No rules or anything in place at this time.

          IPSEC Tunnel is for my entire 192.168.10.0/24 subnet, which does include the pfSense box. I have multiple Phase 2 entries for the different subnets on the remote end, which also work fine. But again, the pfSense box itself cannot ping remote hosts, only nodes behind my pfSense box.

          The whole reason I want this is so I can use conditional DNS forwarders on the pfSense box and send requests for certain domains to a DNS server on the other end of the tunnel.

            jimp Rebel Alliance Developer Netgate

            Might be this, which is documented in the FAQ on the Doc Wiki:

            http://doc.pfsense.org/index.php/Why_can%27t_I_query_SNMP,_use_syslog,_NTP,_or_other_services_initiated_by_the_firewall_itself_over_IPsec_VPN%3F

              AuZZZie

              Awesome, mate. That worked perfectly. I did search, I swear; I just didn't come across that link.

              Appreciate it.

              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.