Netgate Discussion Forum

    Site to site problems

      fastrax

      I am very new to pfSense… but have dabbled with m0n0wall over the years.
      I have two boxes using pfSense 2.01. I have set up the IPsec VPN and it shows that it works. I can ping the local network adapter and I can ping the network adapter at the other end of the VPN. I can log in to either pfSense box. So I am fairly confident that the VPN works. Where I am having problems is when I try to ping a computer on the remote network. Example: my laptop has an IP of 192.168.1.100, I can ping the local pfSense IP: 192.168.1.1 and I can ping the remote pfSense IP: 192.168.2.222. But when I try to ping the server @ 192.168.2.2 I can't. I can ping the server from the pfSense box at 192.168.2.222, though, but not from the pfSense box @ 192.168.1.1.

      I'm just in the testing stage and want to replace a pair of old ISA servers.
      Any ideas?

        conehead

        Hi,

        What are your IPsec firewall rules? Just to test, put everything on any any…

          cmb

          Your return routing sounds wrong, i.e. the default gateway on the hosts is pointing to something other than pfSense, so the replies go back to something else and get lost.

            craigduff

            Agree with conehead. Modify the IPsec rules and make sure both sides say any and any. Then traffic will flow.

            Kind Regards,
            Craig

              stephenminta

              I have the same issue, but I know my hosts have the correct gateway host, as if I simply replace the pfSense 2.0.1 server with a 1.2-release version it works.

              To clarify: if I have 2 pfSense 2.0.1 servers with an IPsec VPN tunnel between them, when I am connected via PPTP to one of the servers I am able to connect to the LAN IP of the remote server but not devices on the remote LAN. If I swap one of the servers with 1.2-release, leaving the other 2.0.1 server the same, bingo, I can access the remote LAN devices.

              Does anyone have any ideas? Is there a feature in 2.0.1 that will cause this issue?

              Any help greatly appreciated.

              Steve

                stephenminta

                I cracked the issue today and thought I would share it in case anyone else is having the same issue.

                It turns out that on the 2.0.1 install the captive portal was stopping the local devices from accessing the VPN subnet; in 1.3 release the captive portal is configured in the same way but traffic passes with no issue. Maybe somebody knows the answer to why, but all I know is I have added the management IP in the captive portal allowed list and now all is working.

                Hope this saves someone else a headache!!

                Regards

                Steve
