Netgate Discussion Forum

Is pfSense capable of sending data over its own IPSec links?

    MrKoen
    last edited by Dec 24, 2012, 6:40 PM

    I was wondering if pfSense is capable of sending data over an IPSec link it hosts itself. For example:

    Host A <--- LAN ---> pfSense A <--- IPSEC ---> pfSense B <--- LAN ---> Host B

    When I do a trace route from host A to host B over the IPSec link hosted by both pfSense A and pfSense B, I notice that the pfSense B side is never replying, though it does pass the packets on to and back from host B. Also when I log onto pfSense and from the console try to reach the other side of the IPSec link, I don't get any replies. As far as I can see it is not a firewall rule blocking this traffic.

    So I was wondering, is it possible to allow pfSense A and pfSense B to communicate with each other directly over the IPSec link they both host?

      jimp Rebel Alliance Developer Netgate
      last edited by Dec 24, 2012, 7:55 PM

      It can, it just needs a nudge.

      http://doc.pfsense.org/index.php/Why_can%27t_I_query_SNMP,_use_syslog,_NTP,_or_other_services_initiated_by_the_firewall_itself_over_IPsec_VPN%3F

      Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

      Need help fast? Netgate Global Support!

      Do not Chat/PM for help!

        MrKoen
        last edited by Dec 29, 2012, 9:42 PM

        Hi Jimp,

        thanks for your reply! I gave it a try and now I can indeed ping from pfSense A to pfSense B. What still doesn't work is when I do a traceroute from host A to host B, that pfSense B replies to the ICMP packets involved in the traceroute. Perhaps this is due to something else. Got a clue?

          jimp Rebel Alliance Developer Netgate
          last edited by Dec 31, 2012, 2:40 PM

          Traceroute will never work correctly through IPsec. It's just a side effect of how IPsec works in the FreeBSD kernel.

            MrKoen
            last edited by Dec 31, 2012, 4:20 PM

            Pity. At least now I know I can stop looking for a solution for it :) Thanks!
