IPsec VPN and DHCP Relay

Hi!

I'm having a problem with the DHCP Relay service.
First of all, I have two sites and an IPsec VPN tunnel between them:

Site1: 192.168.11.0/24 (Here are all the servers and some clients)
Site2: 192.168.12.0/24 (Here are some clients who have to get to the servers)

All traffic inside the network (both subnets) is allowed and all traffic from outside is blocked. Very simple default rules in the WAN, LAN, and IPsec firewall sections. Both sites go to the internet from their own GW, so no internet traffic is going through the IPsec tunnel.

At the moment everything is working (except relay). I mean I can ping everything from both sides. I can do RDP everywhere and all computers in both networks are in the domain, so all the traffic between the DC and the clients is working (both subnets).

The problem is when I'm enabling the DHCP Relay service on 192.168.12.1 (pfSense Site2). The DHCP server (MS Windows 2008R2) is located at 192.168.11.5, so all the DHCP requests should be transferred there, but they aren't. Is there anything else I should do!? Some kind of routing or something else, or should it just work when I enable the service!? When I put a static IP on some computer in the 192.168.12.0/24 subnet, everything works just fine!

In the firewall log I can see only this that concerns me (and some other logical traffic):

--------------------------
Act    Time               If    Source       Destination         Proto
Block  Dec 19 22:56:23    WAN   0.0.0.0:68   255.255.255.255:67  UDP

If I allow this traffic, nothing changes! The DHCP logs are clean! I have the subnet and all the other things configured, and all the 192.168.11.0/24 clients are using this DHCP server.

Can you please help me out with this problem!?

Have a nice Christmas time and thank you!

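The one log line quoted in the post is a raw client broadcast (source 0.0.0.0:68 to 255.255.255.255:67) arriving on the WAN interface, which is what a DHCP client on the WAN segment itself sends; a relay agent forwards a client's request to the server as a unicast UDP datagram from its own interface address, and the server answers the relay on port 67 as well. The following Python script is an added example, not code from the post, the pfSense project or the thread: it parses firewall log lines in the columnar layout quoted above (the column order is assumed from that one line) and sorts the DHCP entries into client broadcasts, relay/server unicast exchanges and server-to-client replies, so that a reader can tell at a glance whether the log actually shows relayed traffic on the IPsec interface. All log lines other than the one from the post are constructed sample data.

```python
"""Classify DHCP traffic in pfSense-style firewall log lines.

Added example; assumptions: each line has the eight whitespace-separated
columns seen in the forum post (Act, Mon, Day, Time, If, src:port, dst:port,
Proto). The interface name "IPsec" used in the samples is a constructed value.
"""
from collections import Counter
from dataclasses import dataclass

DHCP_SERVER_PORT = 67
DHCP_CLIENT_PORT = 68


@dataclass
class LogEntry:
    action: str
    timestamp: str
    iface: str
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    proto: str


def parse_line(line: str) -> LogEntry:
    """Split one columnar log line into a LogEntry; ports are taken after the last ':'."""
    parts = line.split()
    if len(parts) != 8:
        raise ValueError(f"unexpected column count in: {line!r}")
    act, mon, day, clock, iface, src, dst, proto = parts
    src_ip, src_port = src.rsplit(":", 1)
    dst_ip, dst_port = dst.rsplit(":", 1)
    return LogEntry(act, f"{mon} {day} {clock}", iface,
                    src_ip, int(src_port), dst_ip, int(dst_port), proto)


def classify_dhcp(e: LogEntry) -> str:
    """Name the DHCP role of an entry, or 'not-dhcp' if it is unrelated."""
    if e.proto != "UDP" or not ({e.src_port, e.dst_port} & {DHCP_SERVER_PORT, DHCP_CLIENT_PORT}):
        return "not-dhcp"
    # An address-less client on the segment attached to this interface.
    if e.src_ip == "0.0.0.0" and e.dst_ip == "255.255.255.255" and e.dst_port == DHCP_SERVER_PORT:
        return "client-broadcast"
    # Relay agent to server, or server back to the relay: both ends use port 67
    # (RFC 2131: replies to a relayed request go to the relay's server port).
    if e.src_port == DHCP_SERVER_PORT and e.dst_port == DHCP_SERVER_PORT:
        return "relay-server-unicast"
    # Server (or relay) handing an offer/ack to a client on port 68.
    if e.src_port == DHCP_SERVER_PORT and e.dst_port == DHCP_CLIENT_PORT:
        return "server-to-client-reply"
    return "other-dhcp"


def summarize(lines):
    """Count (interface, action, category) for every DHCP entry in the given lines."""
    counts = Counter()
    for line in lines:
        if not line.strip() or line.startswith("-") or line.startswith("Act"):
            continue  # skip the header and rule lines of the quoted table
        e = parse_line(line)
        cat = classify_dhcp(e)
        if cat != "not-dhcp":
            counts[(e.iface, e.action, cat)] += 1
    return counts


# Constructed sample log: line 1 is the entry quoted in the post, the rest are
# made-up lines showing what relayed traffic would look like if it were present.
SAMPLE_LOG = [
    "Block  Dec 19 22:56:23    WAN   0.0.0.0:68   255.255.255.255:67  UDP",
    "Pass   Dec 19 22:57:01    LAN   0.0.0.0:68   255.255.255.255:67  UDP",
    "Pass   Dec 19 22:57:01    IPsec 192.168.12.1:67   192.168.11.5:67  UDP",
    "Pass   Dec 19 22:57:02    IPsec 192.168.11.5:67   192.168.12.1:67  UDP",
    "Pass   Dec 19 22:57:02    LAN   192.168.12.1:67   255.255.255.255:68  UDP",
    "Block  Dec 19 22:58:10    WAN   203.0.113.9:53    192.0.2.7:51515  UDP",
]

if __name__ == "__main__":
    for key, n in sorted(summarize(SAMPLE_LOG).items()):
        print(f"{key[0]:6} {key[1]:6} {key[2]:24} {n}")
```

Run against a real export of the firewall log, the check a practitioner wants is whether any `relay-server-unicast` entries appear on the IPsec interface at all: a log that shows only `client-broadcast` on LAN and WAN means the relay never emitted a forwarded request towards the server, while blocked `relay-server-unicast` entries point at the firewall rules on the tunnel.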
