Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Ping problem on Ipsec

    Scheduled Pinned Locked Moved IPsec
    2 Posts 2 Posters 1.8k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • J
      johnatemps
      last edited by

      Hi all,

      Sorry beforehand for my very bad English :D…

      I discovered yesterday ipsec so sorry if I'm not always the exact terms.

      So here is my problem. I configured a ipsec server on pfsense without problem.

      I runs the client and ipsec connection that goes well.

      Here the network diagram :

      VPN client: 10.110.1.0/24 ---------- ---------- Internet WAN (PPPoE): 109.111.222.333 - pfsense - LAN: 10.10.1.201/24 - ------- Lan: 10.10.1.0/24

      The problem is that when I'm connected to VPN 10.110.1.0 I can not ping remote computers in 10.10.1.0.

      I started a ping from 10.10.1.1 to 10.110.1.3. I ran Wireshark on the post 10.10.1.1 and ping arrive well. But the return it passes less well.
      The traceroute of 10.110.1.3 on 10.10.1.1 indicates me that after 10.10.1.201, packages it lose.

      1    <1 ms    <1 ms    <1 ms  10.10.1.201
      2    *        *        *    Délai d'attente de la demande dépassé.
      3    *        *        *    Délai d'attente de la demande dépassé.

      Have you any idea?

      Thanks

      1 Reply Last reply Reply Quote 0
      • M
        mauirixxx
        last edited by

        while I'm REALLY new to pfsense (like 4 days old haha), I had a problem similar over my ipsec vpn. I could ping from the remote office to the main office, but not the other way around.

        I ended up going to Firewall -> Rules -> IPsec @ the remote office, and made an "any" rule (any protocol, source, port, destination, gateway). Once I did that, I could ping and traceroute both ways across the link.

        Basically, you have to treat the IPsec tunnel as any other network adapter it seems. Hope this helps.

        –mauirixxx

        1 Reply Last reply Reply Quote 0
        • First post
          Last post
        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.