Netgate Discussion Forum

    Slave not reachable through ipsec tunnel

      cartman987

      Hi all,

      I have the following setup:

      WAN(/24): 10.0.0.1 (VIP)
      10.0.0.2 Master
      10.0.0.3 Slave

      LAN(/24): 192.168.0.1 (VIP)
      192.168.0.2 Master
      192.168.0.3 Slave

      The tunnel is up and running; IPsec is using the WAN VIP interface. Ping from the remote network (192.168.1.0/24) to the VIP and master LAN address is working; ping to the slave is timing out. Any ideas?

      Regards,
      cartman

        jimp Rebel Alliance Developer Netgate

        That is normal/expected.

        The slave believes it has a better path back via its own tunnel, even though it is down.

        To fix it, you'll need to be on manual outbound NAT and add a rule so it does NAT on the traffic from the VPN subnet going to the slave's IP, and vice versa. That way it appears to originate from the opposing firewall and not the VPN, so the traffic returns as expected.

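The outbound NAT fix from the reply above, written out as pf-style rules using the addresses from the first post. This is an added example, not part of the thread and not pfSense's generated ruleset; the interface name `em1` and the macro names are assumptions.

```pf
# Added illustration (not from the thread): manual outbound NAT rules
# for reaching the other HA node's LAN address through the IPsec tunnel.
lan_if     = "em1"              # assumed LAN interface name
vpn_net    = "192.168.1.0/24"   # remote network behind the tunnel
master_lan = "192.168.0.2"      # master LAN address (first post)
slave_lan  = "192.168.0.3"      # slave LAN address (first post)

# On the master (tunnel holder): traffic from the VPN subnet to the
# slave's LAN IP is rewritten to the master's own LAN address. The slave
# then sees an on-link source and replies over the LAN instead of
# sending the reply toward its own (down) tunnel.
nat on $lan_if inet from $vpn_net to $slave_lan -> $master_lan

# "Vice versa": after a failover the slave holds the tunnel, so the
# mirror-image rule covers VPN traffic headed for the master's LAN IP.
nat on $lan_if inet from $vpn_net to $master_lan -> $slave_lan
```

In the pfSense GUI these are entered as manual outbound NAT rules on the LAN interface, with the VPN subnet as source and the other node's LAN IP as destination.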
          cartman987

          Works like a charm! Thanks a lot  ;D

          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.