Filtering traffic over IPsec Tunnel on 2.1

  • Ok,
    This is an odd one to me.
    I've got a new pfSense 2.1 setup with LAN / WAN / IPsec.
    There is a site-to-site IPsec VPN to a pfSense 2.0.3 setup at the remote site.

    The only rules on the firewall at my site are the default block BOGON / Private nets on WAN, allow IPv4 out from LAN. I have no rules on the IPsec tab yet.

    However, I am able to access hosts on the other side of the VPN without any issue from my site. Traffic originating from the remote site is being blocked.

    It seems that the LAN rules on my side are also applying to the tunneled traffic. This did not occur when both sides had pfSense 2.0.3.

    Am I missing something?

  • Rebel Alliance Developer Netgate

    The IPsec tab rules only affect inbound traffic – traffic coming across the tunnel from the remote site.

    If your clients are on LAN, and their LAN rules pass the traffic, they will be able to go across the VPN to the far side. 2.0.x worked the same way (as did 1.2.x).
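
The behaviour described in the answer above, as an added example that is not part of the original thread and is not pfSense code: a simplified Python model of per-interface inbound filtering with state tracking and default deny, using the rule set from the question. The subnets, host addresses, and the `Firewall` class are constructed for illustration, and floating rules and interface groups are ignored.

```python
from ipaddress import ip_address, ip_network

# Constructed sample addressing (not from the thread).
LOCAL_LAN = ip_network("192.168.1.0/24")
REMOTE_LAN = ip_network("10.0.2.0/24")
ANY = ip_network("0.0.0.0/0")

# Rule tabs as described in the question: LAN allows IPv4 out, IPsec tab is empty.
QUESTION_RULES = {"LAN": [("pass", LOCAL_LAN, ANY)], "IPsec": []}
# Same rule set with one IPsec-tab rule admitting the remote subnet.
WITH_IPSEC_RULE = {"LAN": [("pass", LOCAL_LAN, ANY)],
                   "IPsec": [("pass", REMOTE_LAN, LOCAL_LAN)]}


class Firewall:
    """Hypothetical model: rules are checked only on the interface a packet enters."""

    def __init__(self, rules):
        self.rules = rules
        self.states = set()  # (initiator, responder) pairs already passed

    def packet(self, ingress, src, dst):
        src, dst = ip_address(src), ip_address(dst)
        # Packets of an established flow (either direction) match state, not rules.
        if (src, dst) in self.states or (dst, src) in self.states:
            return "pass (state)"
        # First matching rule on the ingress interface's tab wins.
        for action, src_net, dst_net in self.rules.get(ingress, []):
            if src in src_net and dst in dst_net:
                if action == "pass":
                    self.states.add((src, dst))
                return f"{action} (rule on {ingress})"
        return "block (default deny)"


def demo(rules):
    fw = Firewall(rules)
    return [
        fw.packet("LAN", "192.168.1.10", "10.0.2.20"),    # local client initiates
        fw.packet("IPsec", "10.0.2.20", "192.168.1.10"),  # reply arriving via tunnel
        fw.packet("IPsec", "10.0.2.30", "192.168.1.10"),  # remote host initiates
    ]


if __name__ == "__main__":
    print(demo(QUESTION_RULES))
    print(demo(WITH_IPSEC_RULE))
```

With the question's rule set, only the remote-initiated connection is dropped; adding a pass rule on the IPsec tab is what admits it.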
