Netgate Discussion Forum

    Unusual IPSEC VPN issue

      draccusfly

      Hi,

      I have a new setup of pfSense and needed to create a VPN to our remote office (pretty normal stuff really), so I created the tunnel on the pfSense, then logged onto the remote router and made sure the settings matched and connected. The VPN came up no issues and I can ping devices on the remote site. However, I cannot ping from the remote site to the pfSense site. It's as though it's not connected. I quickly realised that I needed a rule in the firewall to allow traffic from the remote IP range (different subnet) but still no luck. I created the rules on the IPSEC and INTERNAL interfaces.

      I know I must be missing something really simple here and it should all work, so if anyone has any ideas a jab in the right direction would really help :)

      Cheers
      Drac

        wallabybob

        @draccusfly:

        I know I must be missing something really simple here and it should all work, so if anyone has any ideas a jab in the right direction would really help :)

        Did you reset firewall states after adding the rules? (See Diagnostics -> States, click on Reset States tab, read and click Reset button.)

        Did you specify the rules correctly?

          draccusfly

          I believe so, I tried it by setting firewall rules as follows:

          allow all traffic on interface IPSEC from remote IP > internal LAN
          allow all traffic on interface INTERNAL LAN from remote IP > internal LAN

          I didn't reset states though.

          I did read a post later on that suggested allowing traffic on your EXTERNAL interface from remote EXTERNAL IP but my thinking is that once the VPN tunnel is established the traffic would appear to come from the remote IP network addresses rather than EXTERNAL IP address?

          Drac
