Netgate Discussion Forum

    IPSEC is connected but one-way traffic - NAT problem

      vschmidt

      I have upgraded both hardware and pfSense software to 2.1.4 - and I took the opportunity to do a fresh config from scratch to clear out loads of cruft that had accumulated.  But now I'm not recreating the IPSEC VPN entirely correctly for some reason.

      My setup:

      LAN 192.168.1.1 <--> pfSense WAN 75.nn.nn.nn <--> internet <--> datacenter IPSec <--> VM Server 192.168.2.1

      Note that data center / VM provider manages IPSec on their end, and all this was working before I changed my side of the equation.

      My IPSec configuration appears to be OK, and tunnel established, etc.  Datacenter tech confirms he is showing UP/UP on his side also.  Traffic originating at datacenter can route to LAN OK - i.e., from 192.168.2.1, I can fetch a webpage hosted on 192.168.1.100.

      However, reverse traffic is not working.

      Datacenter tech advises that all the requests from my side of the tunnel are dropping because they originate at 75.nn.nn.nn, instead of a 192.168.1.n address.

      So, I am NAT'ing when I should not be - or rather, I am NAT'ing to the wrong interface address (pfSense public IP) instead of using pfSense LAN.

      Any help?  Thanks!

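The symptom described in the post, as an added example that is not part of the original post: a Python check that classifies tcpdump-style lines by whether the source address still falls inside the local tunnel network when the destination is the remote network. The /24 masks, the stand-in WAN address 203.0.113.10 (for the redacted 75.nn.nn.nn) and the capture lines are all assumptions constructed for illustration.

```python
import ipaddress
import re

# Assumptions (not stated in the post): /24 masks on both sides, and
# 203.0.113.10 as a documentation-range stand-in for the redacted WAN IP.
LOCAL_SELECTOR = ipaddress.ip_network("192.168.1.0/24")
REMOTE_SELECTOR = ipaddress.ip_network("192.168.2.0/24")
WAN_ADDRESS = ipaddress.ip_address("203.0.113.10")

# Constructed tcpdump-style lines, not captured from any real system.
SAMPLE_CAPTURE = """\
12:00:01.000001 IP 192.168.1.100.51234 > 192.168.2.1.80: Flags [S], length 0
12:00:02.000001 IP 203.0.113.10.40112 > 192.168.2.1.80: Flags [S], length 0
12:00:03.000001 IP 192.168.2.1.44310 > 192.168.1.100.80: Flags [S], length 0
12:00:04.000001 IP 192.168.1.100.51300 > 198.51.100.7.443: Flags [S], length 0
"""

# Captures "src.port > dst.port:" and keeps only the two IPv4 addresses.
LINE_RE = re.compile(r"IP (\d+\.\d+\.\d+\.\d+)\.\d+ > (\d+\.\d+\.\d+\.\d+)\.\d+:")


def classify(line):
    """Return a verdict for one capture line relative to the tunnel networks."""
    m = LINE_RE.search(line)
    if not m:
        return "unparsed"
    src, dst = (ipaddress.ip_address(g) for g in m.groups())
    if src in REMOTE_SELECTOR and dst in LOCAL_SELECTOR:
        return "inbound-match"        # the direction that works in the post
    if dst not in REMOTE_SELECTOR:
        return "not-tunnel-traffic"   # ordinary internet-bound traffic
    if src in LOCAL_SELECTOR:
        return "outbound-match"       # source preserved, fits the tunnel
    if src == WAN_ADDRESS:
        return "outbound-natted"      # rewritten to the public IP, as reported
    return "outbound-mismatch"        # some other unexpected source


def summarize(capture):
    """Classify every non-empty line of a capture, in order."""
    return [classify(l) for l in capture.splitlines() if l.strip()]


if __name__ == "__main__":
    for line, verdict in zip(SAMPLE_CAPTURE.splitlines(), summarize(SAMPLE_CAPTURE)):
        print(f"{verdict:20} {line}")
```
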