PfSense Can't ping across tunnel but devices behind pfSense can.
-
I have an IPSEC tunnel to a Cisco ASA 5510 at the Headend from my pfSense box and it works fine. The problem I have is traffic from the pfSense box itself cannot go across the tunnel. Anything behind pfSense can ping across but not the firewall itself.
Any ideas?
-
Hi AuZZZie,
Is your pfSense IP address included in the protected traffic?
If possible, could you provide more information about your configuration (pfSense version, pfSense LAN address, protected local and remote subnet, …)
Stephane
-
Thanks.
I'm using the latest 2.0 Final Release. Just installed. Basic 2 WAN/LAN interface config. No rules or anything in place at this time.
IPSEC Tunnel is for my entire 192.168.10.0/24 subnet which does include the pfSense box. I have multiple Phase 2 entries for the different subnets on the remote end which also work fine. But again the pfSense box itself cannot ping remote hosts, only nodes behind my pfSense box.
The whole reason I want this is so I can use conditional DNS forwarders on the pfSense box and send requests for certain domains to a DNS server on the other end of the tunnel.
-
Might be this, which is documented in the FAQ on the Doc Wiki
-
Awesome, mate. That worked perfectly. I did search, I swear; I just didn't come across that link.
Appreciate it.