Site to site problems
I am very new to PFsense… but have dabbled with m0n0 wall over the years.
I have two boxes using pfsense 2.01. I have set up the ipsec vpn and it shows that it works. I can ping the local network adapter and I can ping the network adapter at the other end of the vpn. I can log in to either pfsense box. So I am fairly confident that the vpn works. Where I am having problems is when I try to ping a computer on the remote network. example: my laptop has an ip of 192.168.1.100, I can ping the local pfsense ip: 192.168.1.1 and I can ping the remote pfsense ip: 192.168.2.222. But when I try to ping the server @ 192.168.2.2 I can't. I can ping the server from the pfsense box at 192.168.2.222 though but not from the pfsense box @ 192.168.1.1
I'm just in the testing stage and want to replace a pair of old ISA servers.
What are your ipsec firewall rules, just to test put everything on any any ….
Your return routing sounds wrong, i.e. the default gateway on the hosts is pointing to something other than pfsense so the replies go back to something else and get lost.
Agree with Conehead, Modify the IPSEC rules and make sure both sides say any and any. Then traffic will flow.
I have the same issue but know my hosts have the correct gateway host as if I simply replace the pfsense 2.0.1 server with a 1.2-release version it works.
To clarify if I have 2 pfsense 2.0.1 servers with an ipsec vpn tunnel between them when I am connected via pptp to one of the server I am able to connect to the lan ip of the remote server but not devices on the remote lan. If I swop one of the servers with 1.2-release leaving the other 2.0.1 server the same bingo I can access the remote lan devices.
Does anyone have any ideas, is there a feature in 2.0.1 that will cause this issue?
Any help greatly appreciated
I cracked the issue today and thought I would share it in case anyone else is having the same issue.
It turns out that on 2.0.1 install the captive portal was stopping the local devices from accessing the vpn subnet, in 1.3 release the captive portal is configured in the same way but traffic passes with no issue. Maybe somebody knows the answer to why but all I know is I have added the management ip in the captive portal allowed list and now all is working.
Hope this saves someone else a headache!!