IPsec site-to-site VPN established, but I can't seem to touch their subnet



  • Weird problem here… The purpose of this VPN is to give some machines (192.168.9.0 through 192.168.9.15) on my network (192.168.9.0/24) access to an intranet site on a client's network. I've been using the guide on the Pfsense wiki to set things up… Here's the summary of what has been done so far:

    192.168.9.0/28 --> PFsense (192.168.9.1) --> WAN (68.X.X.X) --> IPSEC TUNNEL --> Remote Host (200.X.X.X) --> Intranet site (172.X.X.X)

    I have the VPN established with a green light on the status page.



    Here is my firewall rule for IPsec:

    Here are my firewall rules to ensure the remote host can connect to my WAN:

    When I try to access 172.X.X.X in a browser (or ping) from a machine within my subnet specified in the IPsec config, I get nothing. I see no entries in the firewall for any of the IPs mentioned above.

    What should I look at next? I feel like I must be missing something obvious since the IPsec connection is established and green.



  • This is becoming more urgent of an issue for me… If you can solve this with me today or tomorrow, PM me and I'll point you to the elance job or we can do the transaction on paypal. Willing to pay $50 for a quick resolution.


  • Rebel Alliance Developer Netgate

    There is data on the SAD entries going from you to the remote site - there is no data on the return SAs. That implies that they are blocking the traffic or it's being ignored/misrouted on the return. Your side may be set up right. I'd focus on the remote.

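The check described in the reply above, automated as an added example (not code from the thread or from Netgate): parse the per-SA byte counters from strongSwan's `swanctl --list-sas` output (strongSwan is the IKE daemon pfSense runs) and classify a child SA that has sent bytes but received none as a remote-side problem. The sample output, addresses and SPIs below are constructed placeholders.

```python
import re
from dataclasses import dataclass, field

# Constructed sample shaped like `swanctl --list-sas` output (strongSwan, which
# pfSense uses). Addresses and SPIs are invented placeholders, not the poster's.
SAMPLE_SAS = """\
con1: #3, ESTABLISHED, IKEv2, 1a2b3c4d5e6f7a8b_i* 8b7a6f5e4d3c2b1a_r
  local  '68.0.0.1' @ 68.0.0.1[500]
  remote '200.0.0.1' @ 200.0.0.1[500]
  con1: #5, reqid 1, INSTALLED, TUNNEL, ESP:AES_CBC-256/HMAC_SHA2_256_128
    installed 120s ago, rekeying in 3000s, expires in 3600s
    in  c1a2b3c4,      0 bytes,     0 packets
    out cd4e5f60,   4480 bytes,    56 packets,     2s ago
    local  192.168.9.0/28
    remote 172.16.0.0/24
"""

CHILD_RE = re.compile(r"^\s+(\S+): #(\d+), reqid \d+, (\w+), \w+, ESP")
COUNTER_RE = re.compile(r"^\s+(in|out)\s+[0-9a-f]+,\s+(\d+) bytes,")
TS_RE = re.compile(r"^\s+(local|remote)\s+(\d+\.\d+\.\d+\.\d+/\d+)")

@dataclass
class ChildSa:
    name: str
    state: str
    bytes_in: int = 0
    bytes_out: int = 0
    local_ts: list = field(default_factory=list)
    remote_ts: list = field(default_factory=list)

def parse_child_sas(text):
    # One ChildSa per "reqid ... ESP" line; counters and traffic selectors follow it.
    sas, cur = [], None
    for line in text.splitlines():
        if m := CHILD_RE.match(line):
            cur = ChildSa(name=f"{m[1]}#{m[2]}", state=m[3])
            sas.append(cur)
        elif cur and (m := COUNTER_RE.match(line)):
            setattr(cur, "bytes_" + m[1], int(m[2]))   # in -> bytes_in, out -> bytes_out
        elif cur and (m := TS_RE.match(line)):
            getattr(cur, m[1] + "_ts").append(m[2])    # local -> local_ts, remote -> remote_ts
    return sas

def diagnose(sa):
    # Map the counter pattern to the side most likely at fault.
    if sa.state != "INSTALLED":
        return "child SA not installed: phase 2 never completed"
    if sa.bytes_out == 0:
        return "nothing sent: check local firewall rules or routing"
    if sa.bytes_in == 0:
        return "outbound only: remote side dropping or misrouting return traffic"
    return "traffic flowing both ways"
```

Run `diagnose(sa)` over `parse_child_sas(SAMPLE_SAS)`; the sample reproduces the pattern in the reply (bytes out, none in) and yields the "outbound only" verdict.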
