Netgate Discussion Forum

    Routing through an IPSec Tunnel

      geudrik

      Hey Guys,

      I know this must be a really simple answer and I'm just overlooking something simple, but…

      I've got an established IPSec tunnel between two locations, as follows.
      192.168.0.0/24 <----------------------------> 192.168.10.0/24

      The 0.0 network can't ping or otherwise talk to the 10.0 network, but the 0.0 router is able to.
      The 10.0 router can ping the 0.0 network and router, as can all hosts in the 10.0 network.

      I've added "allow all" firewall rules on both ends of the tunnels, too.

      What on earth am I doing wrong on the 0.0 end?  I'm going nuts! ha
      ![Screen Shot 2012-11-19 at 11.42.12 PM.png](/public/imported_attachments/1/Screen Shot 2012-11-19 at 11.42.12 PM.png)
      ![Screen Shot 2012-11-19 at 11.42.24 PM.png](/public/imported_attachments/1/Screen Shot 2012-11-19 at 11.42.24 PM.png)
      ![Screen Shot 2012-11-19 at 11.42.49 PM.png](/public/imported_attachments/1/Screen Shot 2012-11-19 at 11.42.49 PM.png)
      ![Screen Shot 2012-11-19 at 11.43.20 PM.png](/public/imported_attachments/1/Screen Shot 2012-11-19 at 11.43.20 PM.png)

        craigduff

        What is the gateway of your 0.0 computers using? It should be pfSense… not the router... The router should be a route for pfSense to get out to the internet. Clients shouldn't really be able to see the router at all except for pfSense. If your router can ping then the internal IP hop is missing, and needs to be corrected.. But I would recommend making sure the clients' gateway is pfSense.

        So it should look like this

        192.168.0.0/24---->pfsense(192.168.0.100)----Router(172.32.45.1)---<internet>---Router--Pfsense--192.168.10.0/24

        Yea...

        Kind Regards,
        Craig
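
An added illustration of the reply above, not part of the original posts: a longest-prefix-match lookup showing which next hop a 192.168.0.0/24 client picks for the remote subnet, depending on its default gateway. The pfSense address 192.168.0.100 comes from the diagram; the router LAN address 192.168.0.1 and the three client routing tables are constructed assumptions, and the third table (a static route via pfSense) goes beyond what the reply suggests.

```python
import ipaddress

PFSENSE = "192.168.0.100"   # IPsec endpoint, from the diagram in the reply
ROUTER = "192.168.0.1"      # assumed LAN address of the non-IPsec router (constructed)
ON_LINK = "on-link"         # destination is on the client's own subnet

# Constructed client routing tables: (prefix, gateway)
CLIENT_VIA_ROUTER = [("192.168.0.0/24", ON_LINK), ("0.0.0.0/0", ROUTER)]
CLIENT_VIA_PFSENSE = [("192.168.0.0/24", ON_LINK), ("0.0.0.0/0", PFSENSE)]
CLIENT_STATIC = CLIENT_VIA_ROUTER + [("192.168.10.0/24", PFSENSE)]


def next_hop(routes, dst):
    """Return the gateway of the most specific route covering dst, or None."""
    addr = ipaddress.ip_address(dst)
    best = None
    for prefix, gateway in routes:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, gateway)
    return best[1] if best else None


def enters_tunnel(routes, dst, ipsec_gateway=PFSENSE):
    """True only if the client hands the packet to the box that owns the tunnel."""
    return next_hop(routes, dst) == ipsec_gateway


if __name__ == "__main__":
    remote_host = "192.168.10.5"  # constructed host on the far side of the tunnel
    for name, table in [("default gw = router", CLIENT_VIA_ROUTER),
                        ("default gw = pfSense", CLIENT_VIA_PFSENSE),
                        ("router + static route", CLIENT_STATIC)]:
        print(f"{name:24} next hop {next_hop(table, remote_host):15} "
              f"tunnel: {enters_tunnel(table, remote_host)}")
```

With the router as default gateway the packet never reaches the IPsec policy on pfSense, which matches the symptom where pfSense itself can ping the remote side but its LAN clients cannot.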
