Filtering IPsec tunnel traffic on pfSense 2.1

  • OK,
    This is an odd one to me.
    I've got a new pfSense 2.1 setup with LAN / WAN / IPsec.
    There is a site-to-site IPsec VPN to a pfSense 2.0.3 setup at the remote site.

    The only rules on the firewall at my site are the default block bogon / private nets on WAN, and allow IPv4 out from LAN. I started with no rules on the IPsec tab.

    However, I am able to access hosts on the other side of the VPN without any issue from my site. Traffic originating from the remote site is being blocked.

    Then, I added a * * drop rule to the IPsec firewall tab and can still access the hosts on the remote side.

    It seems that the LAN rules on my side are also applying to the tunneled traffic. This did not occur when both sides had pfSense 2.0.3.

    Am I missing something? Is this related to the NAT setup on 2.1?

  • Rebel Alliance Developer Netgate

    Please don't cross-post topics to multiple boards.

    I replied to your other topic in the Firewalling board.