IPSec Tunnel UP (green) - But cannot ping internal networks



  • Hi,

    I have 2x pfSense and am trying to set up IPsec site-to-site tunneling.

    Since I'm a new user to pfSense and have never done IPsec site to site, I've followed this tutorial, which seems to be pretty straightforward: http://www.youtube.com/watch?v=wPd4DLLB5to

    Once everything is configured I can see that the tunnel is working (green); however, I cannot ping their respective internal networks.

    I've tried to follow some tutorials here in the forum but with no luck. I've searched a lot for one week now and I'm lost.

    Kindly find attached both phase 1 and phase 2 configs. These have been taken from one firewall, but obviously what has been applied to this one should be the same on the other. Only the IPs should be different.

    By the way, I'm using different versions of pfSense. The first pfSense is 2.0.2-RC3 and the other one is 2.0.1-RELEASE. I don't know if this makes any difference.

    Can someone assist me with establishing this? If you require more details, let me know.

    Thanks

    Regards,
    Brian





  • Hi,

    30 views without a single reply.

    Can someone assist me on this, please? Advise should you require more information from my side.

    Regards,
    Brian



  • I have the same problem. I strongly suggest that you have the exact same version on both sides.

    I think we need to configure something in Firewall NAT/Rules, but I'm honestly unable to discern whether the rules need to be Floating, WAN or IPSEC and there is hopelessly little information about what the difference is between those options in relation to VPNs.

    It is bizarre that setting up a VPN tunnel on two instances of an identical firewall doesn't open traffic between the tunnelled networks.

    UPDATE: NEED TO ALLOW ALL TRAFFIC ON RULE IN IPSEC SECTION

    UPDATE: NEED TO ENABLE OPTION TO PING A STATICALLY ADDRESSED DEVICE ON REMOTE NETWORK



  • Hi Splurben,

    I've managed to make this work after long swearing.

    My settings were good; the only problem, as I mentioned, was that I was unable to ping both networks.

    What I was doing wrong was that I used the pfSense menu to ping hosts. When I logged in from my hosts, I was able to ping everything.
    I have Linux and Windows machines on both sites, and I was able to connect via RDP and SSH.

    Yes, indeed you need to allow traffic in the IPsec tab rules. I've configured mine to allow everything. Now that I know what the problem is, I can restrict some rules.

    Do not ping from the pfSense menu; try to ping from a host on both networks.

    At least this works for me, even though I have different versions of pfSense.

    Regards,
    Brian
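
The two findings in the post above (a ping from the pfSense menu fails while LAN hosts succeed, and the IPsec tab needs a pass rule) modelled as an added example; it is not code from the thread or from pfSense. The subnets, addresses and rule below are constructed sample values, and it assumes the firewall's own ping was sourced from the WAN address, which is the usual reason a ping from the firewall itself never enters the tunnel: only packets whose source and destination both fall inside a phase 2 local/remote pair are captured by the IPsec policy.

```python
"""Model of two checks a site-to-site IPsec packet must pass on pfSense.

1. Phase 2 traffic selector: the packet's source must be in the local
   network and its destination in the remote network of some phase 2
   entry, otherwise it follows the normal routing table (out the WAN).
2. IPsec tab rule: traffic arriving from the tunnel is filtered by the
   IPsec tab rules (first match wins); with no pass rule it is dropped.
"""
from ipaddress import ip_address, ip_network

# Constructed phase 2 entries of one side: (local network, remote network).
PHASE2 = [("192.168.1.0/24", "10.0.0.0/24")]

# Constructed IPsec tab rules, equivalent to "allow all from remote to local".
IPSEC_RULES = [{"action": "pass", "src": "10.0.0.0/24", "dst": "192.168.1.0/24"}]


def matches_phase2(src, dst, phase2=PHASE2):
    """True if src/dst fall inside some phase 2 local/remote pair."""
    s, d = ip_address(src), ip_address(dst)
    return any(s in ip_network(loc) and d in ip_network(rem) for loc, rem in phase2)


def egress_path(src, dst, phase2=PHASE2):
    """'ipsec' if the phase 2 policy captures the packet, else 'wan'.

    A ping sourced from the WAN address (the firewall's own ping) gets 'wan':
    it leaves in the clear and no reply comes back, even with the tunnel up.
    """
    return "ipsec" if matches_phase2(src, dst, phase2) else "wan"


def ipsec_tab_allows(src, dst, rules=IPSEC_RULES):
    """Apply the IPsec tab rules to a packet arriving from the tunnel."""
    s, d = ip_address(src), ip_address(dst)
    for rule in rules:
        if s in ip_network(rule["src"]) and d in ip_network(rule["dst"]):
            return rule["action"] == "pass"
    return False  # pfSense default deny when nothing matches


if __name__ == "__main__":
    # Constructed WAN address of the firewall versus a LAN host as source.
    print(egress_path("203.0.113.5", "10.0.0.10"))    # wan
    print(egress_path("192.168.1.50", "10.0.0.10"))   # ipsec
    print(ipsec_tab_allows("10.0.0.10", "192.168.1.50"))             # True
    print(ipsec_tab_allows("10.0.0.10", "192.168.1.50", rules=[]))   # False
```

Sourcing the ping from the LAN address (an address inside the phase 2 local network) makes the firewall's own ping take the 'ipsec' path as well.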



  • Hey Brian,

    I've got a similar issue, though mine seems to be the inverse of yours. I can ping hosts from PFSense, but PFSense is refusing to send logs over the tunnel, and I can only ping in one direction, not the other. When I ping an internal host from my data center, it tries to be sent out the WAN hole instead of going across the Tunnel.

    Do you have any bright ideas on this, seeing as you managed to figure your issue out?

    My thread is here - http://forum.pfsense.org/index.php/topic,55900.0.html

