Can ping routers but NOT computers on IPSec tunnel remote sites



  • Hi,
    I have a site-to-site IPSec tunnel configured and established between two v2.0.1 pfsense routers. I can ping from one router to the other one on the remote site on its LAN address, and vice versa. I can ping and access router A from a computer on remote site B. Also, I can ping and access router B from a remote computer on site A.

    But I can't access anything behind these two routers. I can't ping or access the server on site A from a computer on site B, or access the server on site B from a computer on site A. I can access only the routers.

    I tried everything, I think. Please help me! Thank you.



  • sounds like your return routing isn't valid, default gateway not pointing back to the LAN IP on each side.



  • Did you check your firewall rules?  ;)



  • @cmb:

    sounds like your return routing isn't valid, default gateway not pointing back to the LAN IP on each side.

    Yes, the problem should be there, but I do not understand how and where to set this "pointing back to the LAN IP". I think I have everything configured correctly, but probably not :). Can you describe it in more detail, please? I am not an IT newbie, but in the pfsense IPSec case I feel like a lama.
    Many thanks!



  • The default gateway on hosts on both sides of the network must point to pfsense, or alternatively you'll need a static route on the device that is the default gateway.
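
The return-path condition discussed in this thread, as an added example (not posted by any participant): it traces a LAN host's reply to a remote-site address hop by hop, using longest-prefix match, and reports whether it reaches pfSense. All addresses and routing tables are constructed sample values.

```python
import ipaddress

def next_hop(routes, dst):
    """Longest-prefix match over (prefix, gateway) pairs; None if nothing matches."""
    dst = ipaddress.ip_address(dst)
    best = None
    for prefix, gw in routes:
        net = ipaddress.ip_network(prefix)
        if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, gw)
    return best[1] if best else None

def return_path_ok(host_routes, gateway_tables, pfsense_lan_ip, remote_ip, max_hops=4):
    """True if a reply from the host to remote_ip is handed to pfSense.
    gateway_tables maps the LAN IP of any other local router to its routing table."""
    table = host_routes
    for _ in range(max_hops):
        gw = next_hop(table, remote_ip)
        if gw == pfsense_lan_ip:
            return True          # reply reaches pfSense and can enter the tunnel
        if gw is None or gw not in gateway_tables:
            return False         # reply is dropped or leaves via a non-pfSense path
        table = gateway_tables[gw]
    return False

# Constructed sample values (site A LAN 192.168.1.0/24, site B LAN 192.168.2.0/24).
PFSENSE_LAN = "192.168.1.1"
OTHER_ROUTER = "192.168.1.254"   # hypothetical second router on the site A LAN
REMOTE_SERVER = "192.168.2.10"

HOST_VIA_PFSENSE = [("192.168.1.0/24", "on-link"), ("0.0.0.0/0", PFSENSE_LAN)]
HOST_VIA_OTHER = [("192.168.1.0/24", "on-link"), ("0.0.0.0/0", OTHER_ROUTER)]

# The other router without, and with, a static route for the remote subnet.
ROUTER_NO_STATIC = {OTHER_ROUTER: [("0.0.0.0/0", "203.0.113.1")]}
ROUTER_WITH_STATIC = {OTHER_ROUTER: [("0.0.0.0/0", "203.0.113.1"),
                                     ("192.168.2.0/24", PFSENSE_LAN)]}

if __name__ == "__main__":
    cases = [("host default gw = pfSense", HOST_VIA_PFSENSE, {}),
             ("other gw, no static route", HOST_VIA_OTHER, ROUTER_NO_STATIC),
             ("other gw, static route added", HOST_VIA_OTHER, ROUTER_WITH_STATIC)]
    for name, routes, tables in cases:
        ok = return_path_ok(routes, tables, PFSENSE_LAN, REMOTE_SERVER)
        print(f"{name}: {'reply reaches pfSense' if ok else 'reply never reaches pfSense'}")
```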



  • Also make sure, on both sides of the network, under Rules and then the IPsec tab, to configure rules to allow access. Personally, I allow any LAN traffic to pass through on both sides. So for me, I have stars * on all the options.



  • Try disabling the firewall on the computers. Even though you cannot ping them, can you remote desktop to them? I found that Windows 7 and XP can natively block ping replies, especially from different subnets. Turn Windows Firewall off and then try to ping. You can create an exception in Windows Firewall to reply if you decide you want to leave it on.

