Netgate Discussion Forum
    Site2Site No Traffic

    IPsec
    4 Posts 3 Posters 2.5k Views
    redflag237

      Hi,

      I established a site-to-site IPsec tunnel between pfSense 2.0.2 and a FritzBox.
      The local subnet is 10.178.1.32/27, the FritzBox subnet is 192.168.178.0/24.
      Pinging 192.168.178.1 from the pfSense web interface succeeds, but pinging the FritzBox from any host in the first subnet fails.
      Ping from pfSense to the FritzBox network device 192.168.178.25 is also OK.

      vpncfg {
        connections {
          enabled = yes;
          conn_type = conntype_lan;
          name = "VPN Poseidon"; // an identificator for your connection - pick anything
          always_renew = no;
          reject_not_encrypted = no;
          dont_filter_netbios = yes;
          localip = 0.0.0.0;
          local_virtualip = 0.0.0.0;
          remoteip = 10.178.1.62; // an unused IP address within your pfSense subnet
          remote_virtualip = 0.0.0.0;
          remotehostname = "host1.no-ip.org"; // the permanent hostname of your pfSense box
          localid {
            fqdn = "host2.no-ip.org"; // the permanent hostname of your FRITZ!Box
          }
          remoteid {
            fqdn = "plitt.no-ip.org"; // again, the permanent hostname of your pfSense box
          }
          mode = phase1_mode_aggressive;
          phase1ss = "def/3des/sha";
          keytype = connkeytype_pre_shared;
          key = "topsecret"; // the same pre-shared key you used when configuring pfSense
          cert_do_server_auth = no;
          use_nat_t = no;
          use_xauth = no;
          use_cfgmode = no;
          phase2localid {
            ipnet {
              ipaddr = 192.168.178.0; // the subnet IP address of your FRITZ!Box - the default being 192.168.178.0
              mask = 255.255.255.0; // the subnet netmask of your FRITZ!Box - the default being 255.255.255.0
            }
          }
          phase2remoteid {
            ipnet {
              ipaddr = 10.178.1.32; // the subnet IP address of your pfSense box - the default being 192.168.1.0
              mask = 255.255.255.224; // the subnet netmask of your pfSense box - the default being 255.255.255.0
            }
          }
          phase2ss = "esp-3des-sha/ah-no/comp-no/pfs";
          accesslist = "permit ip any 10.178.1.32 255.255.255.224"; // again, the subnet IP address and netmask of your pfSense box
        }
        ike_forward_rules = "udp 0.0.0.0:500 0.0.0.0:500", "udp 0.0.0.0:4500 0.0.0.0:4500";
      }
      

      I tried adding a Gateway for 192.168.178.0/24 on 10.178.1.62. Ping is ok for this (Green in Dashboard). I tried to add a route for 192.168.178.0/24 with this Gateway, no success.

      This was the tutorial I followed for setting up Phase 1/2:
      http://utopic.me/page/114424689_u/fun.kyco.de/2011/12/04/vpn-ipsec-tunnel-between-a-pfsense-2-0-router-and-a-fritzbox/

      Any Idea what's going wrong here?

      Best Regards,
      redflag237

        wery

        redflag237, did you solve the problem?

          bellera

          @redflag237:

          I tried adding a Gateway for 192.168.178.0/24 on 10.178.1.62. Ping is ok for this (Green in Dashboard). I tried to add a route for 192.168.178.0/24 with this Gateway, no success.

          Don't add gateways or routes. Just specify the local and remote networks. When a tunnel is established, the virtual interface acts similarly to a physical interface.

          Add a rule on your LAN interface allowing (any) traffic to the remote network and using the default gateway (pfSense should route it; you don't need policy routing here). Remember to put your rule before any others that could interfere with it.

            redflag237

            @bellera:

            @redflag237:

            I tried adding a Gateway for 192.168.178.0/24 on 10.178.1.62. Ping is ok for this (Green in Dashboard). I tried to add a route for 192.168.178.0/24 with this Gateway, no success.

            Don't add gateways or routes. Just specify the local and remote networks. When a tunnel is established, the virtual interface acts similarly to a physical interface.

            Add a rule on your LAN interface allowing (any) traffic to the remote network and using the default gateway (pfSense should route it; you don't need policy routing here). Remember to put your rule before any others that could interfere with it.

            Thank you so much. The tunnel is up and running.
            Unfortunately the tunnel only works between the network specified in Phase 2 and the FritzBox network. No routing is done on the pfSense side.
            The FritzBox is configured to accept the other subnets as source on the tunnel.

            How do I have to configure the back-route on the FritzBox to get my routed subnets working?
            Does there have to be a virtual IP that can be used as gateway for the tunnel?
            Maybe it is more useful to use NAT from subnet X to the VPN-enabled subnet on pfSense?

            Best regards,
            redflag237

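As an added illustration (not code from this thread, from pfSense or from AVM), the script below models the Phase 2 selectors from the posted vpncfg (FritzBox accesslist "permit ip any 10.178.1.32 255.255.255.224") and the pfSense side (10.178.1.32/27 to 192.168.178.0/24) to show why a flow from a second pfSense subnet is neither tunnelled by pfSense nor returned by the FritzBox, and why source-NATing it into the /27 makes both directions match. The host 10.178.2.10 is a constructed example address.

```python
import ipaddress
from typing import Optional

IPv4Net = ipaddress.IPv4Network

# Constructed from the thread: pfSense's Phase 2 covers exactly one pair of
# networks, the 10.178.1.32/27 LAN and the FritzBox LAN 192.168.178.0/24.
PFSENSE_PHASE2 = [(IPv4Net("10.178.1.32/27"), IPv4Net("192.168.178.0/24"))]

# The FritzBox accesslist from the posted vpncfg: any source on the FritzBox
# side, destination restricted to the pfSense /27.
FRITZBOX_ACCESSLIST = "permit ip any 10.178.1.32 255.255.255.224"


def parse_accesslist(entry: str) -> tuple[IPv4Net, IPv4Net]:
    """Parse 'permit ip <src> <dst>', each side being 'any' or 'addr mask'."""
    tokens = entry.split()
    if tokens[:2] != ["permit", "ip"]:
        raise ValueError(f"unsupported accesslist entry: {entry!r}")
    nets, i = [], 2
    while i < len(tokens):
        if tokens[i] == "any":
            nets.append(IPv4Net("0.0.0.0/0"))
            i += 1
        else:  # ipaddress accepts a dotted netmask after the slash
            nets.append(IPv4Net(f"{tokens[i]}/{tokens[i + 1]}"))
            i += 2
    if len(nets) != 2:
        raise ValueError(f"expected source and destination: {entry!r}")
    return nets[0], nets[1]


def pfsense_selector(src: str, dst: str) -> Optional[tuple[IPv4Net, IPv4Net]]:
    """Return the matching Phase 2 pair, or None if pfSense would not tunnel it."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for local, remote in PFSENSE_PHASE2:
        if s in local and d in remote:
            return local, remote
    return None  # no selector match: packet leaves via the default route, unencrypted


def fritzbox_tunnels(src: str, dst: str) -> bool:
    """Would the FritzBox send a packet (src on its LAN) into the tunnel?"""
    fb_src, fb_dst = parse_accesslist(FRITZBOX_ACCESSLIST)
    return ipaddress.ip_address(src) in fb_src and ipaddress.ip_address(dst) in fb_dst


def path_summary(src: str, dst: str) -> dict:
    """Classify a flow from the pfSense side and the reply from the FritzBox side."""
    return {"pfsense_tunnels": pfsense_selector(src, dst) is not None,
            "fritzbox_tunnels_reply": fritzbox_tunnels(dst, src)}
```

A second subnet therefore needs either its own Phase 2 entry on both ends (and a matching accesslist on the FritzBox) or source NAT into 10.178.1.32/27 before the traffic reaches the IPsec selector.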
            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.