Someone Help! No traffic going via IPSEC tunnel

  • OK, each site has 1 public IP address! I know this is rubbish! So I've had to fiddle around and speak to a few providers to get this right! So let me paint you a picture.

    Site 1

    Zyxel Router: 192.168.2.1 (Pass through mode to Pfsense)
    Pfsense WAN: 192.168.2.2

    LAN 192.168.17.0/24

    Site 2
    Zyxel Router: 192.168.3.1 (Pass through mode to Pfsense)
    Pfsense WAN: 192.168.3.2

    LAN: 192.168.20.0/24

    So when I create an IPsec tunnel, the handshake is fine and it's all green! Port forwarding works just fine! However, when I try and ping from either
    LAN IP I don't get a response! It's as if the traffic is not being routed correctly…

    So if I do a tracert from either site to, let's say, Google.co.uk:

    Hop1: firewall (192.168.17.100)
    Hop2: 192.168.2.1
    etc etc

    But if I do a tracert to 192.168.17.100 I get this!

    Hop1: Firewall 192.168.17.100
    Hop2: ***********************

    It just doesn't want to know! I'm really stuck! Is it just adding a stupid route or something? Can someone tell me where? And what can I do to resolve this?

    Cheers Guys!! Thank you in advance!



  • My case, I think, is very similar to the link below:

    http://forum.pfsense.org/index.php?topic=14676.0

    Can I call upon the admins and heroes, as I don't think the case above was resolved either?


  • I've been reading through lots and lots of articles and getting a mixture of different opinions on resolutions and workarounds.

    Guys! I've had to go via the OpenVPN route. Doesn't look like anyone can give me a viable answer to the problem.

    Cheers for reading!


  • I am by no means an expert. But since the experts have not had time to respond, I thought I'd give my two cents, as I've had a pfSense site-to-site IPsec tunnel working for some time. In Phase 2, what did you put for local network and remote network? I have "LAN subnet" selected for the first and the IP address for the remote network. I believe this sets up the routing needed from one subnet to the other. Since you are going from the WAN interface to another router as your default gateway, there was an entry in the pfSense guide that mentioned you might have to set up static routes from one network to the other. For your layout, pfSense is not the gateway router. There are some considerations in the guide for that. I'm not sure if posting from the guide is allowed for copyright reasons. I will try to summarize. A static route could be entered into the gateway router that will redirect traffic destined for the far side of the tunnel to the pfSense router.
    There may be some issues with this, and it goes on to recommend that pfSense be made the default gateway of both networks. I hope this helps. FYI, both ends of my tunnel have pfSense as the gateway.
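The two things the reply above asks the poster to check, as an added example that is not part of the thread: that each side's Phase 2 local/remote selectors actually cover the two LANs and mirror each other, and which static route each upstream (Zyxel) router would need when pfSense is not the LAN's default gateway. The Site values are constructed from the addresses given in the first post; the selector fields are assumed values, not the poster's real config.

```python
from dataclasses import dataclass
from ipaddress import ip_network


@dataclass
class Site:
    name: str
    lan: str           # LAN behind pfSense
    pfsense_wan: str   # pfSense WAN address on the transit net to the upstream router
    gateway: str       # upstream router that hosts might use as default gateway
    p2_local: str      # Phase 2 "local network" selector (assumed value)
    p2_remote: str     # Phase 2 "remote network" selector (assumed value)


# Constructed from the thread's topology; Phase 2 selectors are assumptions.
SITE1 = Site("Site 1", "192.168.17.0/24", "192.168.2.2", "192.168.2.1",
             "192.168.17.0/24", "192.168.20.0/24")
SITE2 = Site("Site 2", "192.168.20.0/24", "192.168.3.2", "192.168.3.1",
             "192.168.20.0/24", "192.168.17.0/24")


def check_phase2(a: Site, b: Site) -> list[str]:
    """Return problems with the Phase 2 selectors; an empty list means they line up."""
    problems = []
    for src, dst in ((a, b), (b, a)):
        local, remote = ip_network(src.p2_local), ip_network(src.p2_remote)
        # The local selector must include the LAN we expect to send from.
        if not ip_network(src.lan).subnet_of(local):
            problems.append(f"{src.name}: LAN {src.lan} not covered by local selector {local}")
        # The remote selector must include the far LAN, or that traffic takes the default route.
        if not ip_network(dst.lan).subnet_of(remote):
            problems.append(f"{src.name}: remote selector {remote} does not cover {dst.name} LAN {dst.lan}")
        # Each side's local must be the other side's remote, or Phase 2 never matches.
        if local != ip_network(dst.p2_remote):
            problems.append(f"{src.name} local {local} != {dst.name} remote {dst.p2_remote}")
    return problems


def upstream_static_routes(a: Site, b: Site) -> dict[str, str]:
    """Static route each upstream router needs so far-LAN traffic reaches pfSense."""
    return {
        a.gateway: f"{b.lan} via {a.pfsense_wan}",
        b.gateway: f"{a.lan} via {b.pfsense_wan}",
    }


if __name__ == "__main__":
    print(check_phase2(SITE1, SITE2) or "Phase 2 selectors OK")
    for router, route in upstream_static_routes(SITE1, SITE2).items():
        print(f"{router}: route {route}")
```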

Locked