IPSEC is connected but one-way traffic - NAT problem



I have upgraded both hardware and pfSense software to 2.1.4, and I took the opportunity to do a fresh config from scratch to clear out loads of cruft that had accumulated. But now I'm not recreating the IPSEC VPN entirely correctly for some reason.

My setup:

LAN 192.168.1.1 <--> pfSense WAN 75.nn.nn.nn <--> internet <--> datacenter IPSec <--> VM Server 192.168.2.1

Note that the data center / VM provider manages IPSec on their end, and all this was working before I changed my side of the equation.

My IPSec configuration appears to be OK, and the tunnel is established, etc. The datacenter tech confirms he is showing UP/UP on his side also. Traffic originating at the datacenter can route to the LAN OK - i.e., from 192.168.2.1, I can fetch a webpage hosted on 192.168.1.100.

However, reverse traffic is not working.

The datacenter tech advises that all the requests from my side of the tunnel are dropping because they originate at 75.nn.nn.nn instead of a 192.168.1.n address.

So, I am NAT'ing when I should not be - or rather, I am NAT'ing to the wrong interface address (pfSense public IP) instead of using the pfSense LAN.

Any help? Thanks!
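The failure mode above (an outbound NAT rule that matches LAN traffic bound for the far side of the tunnel and rewrites its source to the WAN address) can be checked with a small first-match model of outbound NAT. This is an added example, not pfSense code or the poster's config; the rule format, the `75.0.0.1` stand-in for the poster's `75.nn.nn.nn`, and the "no NAT" rule placed ahead of the catch-all are assumptions.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional

@dataclass
class OutboundNatRule:
    source: str           # packet source network the rule matches
    destination: str      # packet destination network the rule matches
    nat_to: Optional[str] # translated source, or None for a "no NAT" rule

def translated_source(rules: List[OutboundNatRule], src: str, dst: str) -> str:
    """Simplified first-match outbound NAT: the first rule whose source and
    destination both match decides the translation (assumption: first match wins)."""
    src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for rule in rules:
        if src_ip in ipaddress.ip_network(rule.source) and \
           dst_ip in ipaddress.ip_network(rule.destination):
            return rule.nat_to if rule.nat_to else src
    return src  # nothing matched: packet leaves untranslated

WAN_IP = "75.0.0.1"  # placeholder for the poster's 75.nn.nn.nn

# Constructed rule sets. BROKEN translates everything from the LAN, including
# traffic headed into the tunnel. FIXED exempts the remote tunnel network first.
BROKEN = [OutboundNatRule("192.168.1.0/24", "0.0.0.0/0", WAN_IP)]
FIXED = [
    OutboundNatRule("192.168.1.0/24", "192.168.2.0/24", None),  # no NAT into the tunnel
    OutboundNatRule("192.168.1.0/24", "0.0.0.0/0", WAN_IP),     # everything else via WAN
]

def tunnel_source_violations(rules, lan_net: str, remote_net: str, flows):
    """Return (src, dst) pairs headed for remote_net that would arrive with a
    source address outside lan_net, i.e. exactly what the far end would drop."""
    lan = ipaddress.ip_network(lan_net)
    remote = ipaddress.ip_network(remote_net)
    bad = []
    for src, dst in flows:
        if ipaddress.ip_address(dst) not in remote:
            continue
        if ipaddress.ip_address(translated_source(rules, src, dst)) not in lan:
            bad.append((src, dst))
    return bad

if __name__ == "__main__":
    flows = [("192.168.1.100", "192.168.2.1"), ("192.168.1.50", "8.8.8.8")]
    print("broken:", tunnel_source_violations(BROKEN, "192.168.1.0/24", "192.168.2.0/24", flows))
    print("fixed: ", tunnel_source_violations(FIXED, "192.168.1.0/24", "192.168.2.0/24", flows))
```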
