PFSENSE ON VMWARE IPSEC ROUTING TROUBLE



  • Hi Guys,

I'm facing some curious behavior. I have installed pfSense 2.0.1 on a virtual machine, PF1, hosted by an ESX on a site (Site1). Several NICs are attached to this machine, each associated with a different network:

    • LAN1, LAN2, DMZ1, DMZ2 ... networks that are represented by portgroups (1 portgroup per network) on a vswitch1, all belonging to 10.1.0.0/16 (e.g. LAN1 is 10.1.1.0/24, DMZ1 is 10.1.30.0/27, ...)
    • 1 internet access linked to a second vswitch2

This configuration is working well: virtual machines with NICs associated to different portgroups can communicate without any trouble (i.e. a machine on LAN1 can ping a machine on DMZ1).

I have set up a site-to-site IPSEC VPN tunnel between PF1, through the internet access, and another pfSense 2.0.1 server PF2 (physical) on a different site (Site2) to reach the rest of the 10.0.0.0/8 network. So I have this configuration for the VPN tunnel:

    PF1 LOCAL NETWORK  : 10.1.0.0/16
    PF1 REMOTE NETWORK : 10.0.0.0/8
    PF2 LOCAL NETWORK  : 10.0.0.0/8
    PF2 REMOTE NETWORK : 10.1.0.0/16

The IPSEC tunnel is correctly established: I can ping or telnet machines from Site2 to Site1 and from Site1 to Site2 easily. But once the tunnel is up, I observe that:

    • Ping between virtual machines on the ESX that are not connected to the same network does not work (i.e. a machine on LAN1 can't ping a machine on DMZ1, a machine on LAN2 can't ping a machine on LAN1, ...)
    • Only the machines with a NIC connected to the portgroup associated with the LAN interface (in pfSense terms; in my case it is LAN1) can ping their gateway; the machines with a NIC connected to the other portgroups on vswitch1 can't ping their corresponding gateway.
    • I can access the internet from every machine on the ESX (expected result)

It seems that the routes on PF1 are not correctly updated. Could you please help me?

    Thanks in advance
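Added example (not part of the post above, and not pfSense code): a small Python check of the phase 2 definition as posted. pfSense 2.0.x IPsec is policy-based, so the phase 2 local/remote pair acts as a traffic selector, and any packet whose source falls in the local network and whose destination falls in the remote network is handed to the tunnel. The script evaluates the posted selectors (local 10.1.0.0/16, remote 10.0.0.0/8) against a few constructed Site1 host addresses (the LAN1 and DMZ1 prefixes come from the post; the individual host addresses are made up), reports whether the two selectors overlap, and computes the set of remote prefixes that cover 10.0.0.0/8 without including 10.1.0.0/16. The function and variable names are my own.

```python
import ipaddress
from typing import List

# Phase 2 traffic selectors as posted on PF1 (local -> remote).
PF1_LOCAL = ipaddress.ip_network("10.1.0.0/16")
PF1_REMOTE = ipaddress.ip_network("10.0.0.0/8")

# Constructed sample flows seen from PF1 (hosts are invented; prefixes are from the post).
SAMPLE_FLOWS = [
    ("LAN1 host -> DMZ1 host", "10.1.1.10", "10.1.30.5"),
    ("LAN1 host -> Site2 host", "10.1.1.10", "10.50.0.1"),
    ("LAN1 host -> internet", "10.1.1.10", "198.51.100.7"),
]


def selector_matches(src: str, dst: str,
                     local: ipaddress.IPv4Network,
                     remote: ipaddress.IPv4Network) -> bool:
    """True if a src->dst packet falls inside one local/remote selector pair."""
    return (ipaddress.ip_address(src) in local
            and ipaddress.ip_address(dst) in remote)


def classify_flow(src: str, dst: str,
                  local: ipaddress.IPv4Network = PF1_LOCAL,
                  remotes: List[ipaddress.IPv4Network] = (PF1_REMOTE,)) -> str:
    """Return 'ipsec' if any selector claims the packet, else 'local-routing'."""
    for remote in remotes:
        if selector_matches(src, dst, local, remote):
            return "ipsec"
    return "local-routing"


def selectors_overlap(local: ipaddress.IPv4Network,
                      remote: ipaddress.IPv4Network) -> bool:
    """True when the remote selector also covers part of the local network,
    which means site-internal traffic can be matched by the tunnel policy."""
    return local.overlaps(remote)


def non_overlapping_remote(local: ipaddress.IPv4Network,
                           remote: ipaddress.IPv4Network) -> List[ipaddress.IPv4Network]:
    """Split `remote` into the largest prefixes that cover it minus `local`.
    Each returned prefix can be used as its own phase 2 entry, so that
    traffic between the local networks never matches an IPsec policy."""
    if not local.subnet_of(remote):
        return [remote]
    return sorted(remote.address_exclude(local))


def summarize() -> dict:
    """Evaluate the posted selectors and the split alternative for each sample flow."""
    split = non_overlapping_remote(PF1_LOCAL, PF1_REMOTE)
    return {
        name: {
            "as_posted": classify_flow(src, dst),
            "split_remote": classify_flow(src, dst, PF1_LOCAL, split),
        }
        for name, src, dst in SAMPLE_FLOWS
    }


if __name__ == "__main__":
    print("local/remote overlap:", selectors_overlap(PF1_LOCAL, PF1_REMOTE))
    for prefix in non_overlapping_remote(PF1_LOCAL, PF1_REMOTE):
        print("remote prefix without local:", prefix)
    for name, result in summarize().items():
        print(f"{name}: posted={result['as_posted']} split={result['split_remote']}")
```

With the selectors as posted, the LAN1 to DMZ1 flow is claimed by the tunnel policy because both addresses sit inside 10.0.0.0/8, while the split remote list still sends the Site2 flow through the tunnel and leaves the site-internal flow to normal routing. On the firewall itself the same question can be answered by inspecting the installed security policies rather than the routing table, since a matching policy takes effect before a route lookup.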
