IPSec not routing traffic from internal network



  • Hi,

    I have an IPsec tunnel which is up and connected successfully.

    My issue is that it is not routing traffic from my internal network through the IPsec tunnel.

    My network is 192.168.0.0/24 and the network I am trying to reach is 192.168.130.0/24

    I have the firewall rules added and I can see the traffic is accepted in the logs but it does not reach the network.

    Have I missed something during my setup? Is there anything else I need to configure?

    On my workstations I have added a static route and also tried using the pfSense box as the default gateway, but it does not get there.

    Any help would be great. Thanks



  • Hi there,

    Seems there is no one to help you. I have the same issue and am playing the "trial and error" game after reading tons of explanations, none of which seem to work... strange.



  • Hi Realtek,
    Have you :

    • manual outbound NAT enabled
    • IPsec rules fully open (I know: bad idea, but only for testing purposes)
    • LAN rules open to reach the destination subnet
    • IPsec Phase 2 local and remote networks correctly configured

    I have run IPsec LAN-to-LAN in production for a few months without any problem. I don't understand where something goes bad for you.
    Any logs?

    Regards.
    Pierre



    I have this same issue. In the status it seems connected, but traffic from my LAN subnet and from pfSense does not pass through the tunnel.
    How can I fix it? :-\ :'(



  • Hello, good morning,
    I have a similar problem. Which version of pfSense?



  • Hi folks,
    2.2.1 for me, no issue.
    Do you have any logs?
    What are your default gateways (I remember I had strange behaviour with default GW configs)?
    Cheers.
    Pierre



  • Hi!

    I was digging around on another issue and saw this. Maybe this will be of help with your issue.
    My LAN routing to the other side of the tunnel was OK, but I couldn't get pfSense itself to reach it (resulting in the DNS Resolver not working, among other things).

    This solved everything for me:
    https://doc.pfsense.org/index.php/Why_can't_I_query_SNMP,_use_syslog,_NTP,_or_other_services_initiated_by_the_firewall_itself_over_IPsec_VPN



    @iorx wrote:

    Hi!

    I was digging around on another issue and saw this. Maybe this will be of help with your issue.
    My LAN routing to the other side of the tunnel was OK, but I couldn't get pfSense itself to reach it (resulting in the DNS Resolver not working, among other things).

    This solved everything for me:
    https://doc.pfsense.org/index.php/Why_can't_I_query_SNMP,_use_syslog,_NTP,_or_other_services_initiated_by_the_firewall_itself_over_IPsec_VPN

    Exactly, iorx: in my prod config, class C IP addresses are all redirected to the LAN, whereas the remote end of the IPsec tunnel is also 192.168. From my point of view (maybe mistaken, but why?) this is normal as far as routing goes: the remote end of the IPsec tunnel is "directly connected" for pfSense, so it does not need any static route.
    I have to admit that adding a bogus internal IP to make it work may appear a little strange, though!  :D
    Cheers !

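The two failure modes discussed in this thread (Pierre's checklist of Phase 2 local/remote networks, and iorx's case where LAN hosts can cross the tunnel but traffic initiated by the firewall itself cannot) both come down to one question: does the packet's source/destination pair fall inside a Phase 2 traffic selector? The script below is an added example, not code from the thread or from pfSense; it models a policy-based IPsec selector check and the generic longest-prefix routing rule that decides which address the firewall uses as its own source. The Phase 2 table, interface addresses (203.0.113.5 is a documentation-range stand-in for the WAN address) and the static route are constructed to match the subnets in the thread, and the exact pfSense workaround is the one in the linked doc, not something this code reproduces.

```python
import ipaddress
from typing import Dict, List, Optional, Sequence, Tuple

# Constructed Phase 2 table modelled on the thread: local LAN 192.168.0.0/24,
# remote site 192.168.130.0/24. On a real box these come from VPN > IPsec > Phase 2.
PHASE2: List[Dict[str, str]] = [
    {"local": "192.168.0.0/24", "remote": "192.168.130.0/24"},
]

# Constructed interface table: name -> (interface address, directly connected network).
INTERFACES: Dict[str, Tuple[str, str]] = {
    "lan": ("192.168.0.1", "192.168.0.0/24"),
    "wan": ("203.0.113.5", "203.0.113.0/24"),  # assumed WAN address, documentation range
}


def matching_phase2(src: str, dst: str, phase2: List[Dict[str, str]] = PHASE2) -> Optional[Dict[str, str]]:
    """Return the first Phase 2 entry whose local/remote selectors cover src -> dst, else None.

    Policy-based IPsec matches on traffic selectors, not on the routing table: a packet the
    firewall rules accept but that matches no selector is never encrypted and never leaves.
    """
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for p2 in phase2:
        if s in ipaddress.ip_network(p2["local"]) and d in ipaddress.ip_network(p2["remote"]):
            return p2
    return None


def diagnose(src: str, dst: str, phase2: List[Dict[str, str]] = PHASE2) -> str:
    """Classify why src -> dst would or would not enter the tunnel."""
    if matching_phase2(src, dst, phase2) is not None:
        return "ok"
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    src_ok = any(s in ipaddress.ip_network(p["local"]) for p in phase2)
    dst_ok = any(d in ipaddress.ip_network(p["remote"]) for p in phase2)
    if src_ok and not dst_ok:
        return "destination not in any Phase 2 remote network"
    if dst_ok and not src_ok:
        return "source not in any Phase 2 local network"
    return "neither source nor destination covered by a Phase 2 entry"


def firewall_source_address(dst: str, interfaces: Dict[str, Tuple[str, str]] = INTERFACES,
                            static_routes: Sequence[Tuple[str, str]] = ()) -> str:
    """Address the firewall itself uses as source when it originates traffic to dst.

    Generic routing rule (an assumption about how to model the page's symptom, not pfSense
    internals): longest-prefix match over connected networks plus static routes given as
    (network, interface) pairs; anything unmatched takes the default route out of WAN.
    """
    d = ipaddress.ip_address(dst)
    candidates = [(ipaddress.ip_network(net), name) for name, (_, net) in interfaces.items()]
    candidates += [(ipaddress.ip_network(net), name) for net, name in static_routes]
    hits = [(n, name) for n, name in candidates if d in n]
    if not hits:
        return interfaces["wan"][0]
    _, name = max(hits, key=lambda c: c[0].prefixlen)
    return interfaces[name][0]


def firewall_traffic_check(dst: str, static_routes: Sequence[Tuple[str, str]] = ()) -> Tuple[str, str]:
    """Which source the firewall picks for dst, and whether that pair fits a Phase 2 selector."""
    src = firewall_source_address(dst, INTERFACES, static_routes)
    return src, diagnose(src, dst)


if __name__ == "__main__":
    # LAN host to remote site: covered by the selector, so it is encrypted.
    print("LAN host  ->", diagnose("192.168.0.10", "192.168.130.5"))
    # Wrong remote subnet: rules may pass it, but no selector matches.
    print("wrong dst ->", diagnose("192.168.0.10", "192.168.131.5"))
    # Firewall-initiated traffic (DNS Resolver, syslog, NTP) sources from WAN: no match.
    print("firewall  ->", firewall_traffic_check("192.168.130.5"))
    # Route the remote subnet via LAN so the firewall sources from its LAN address.
    print("with route->", firewall_traffic_check("192.168.130.5", [("192.168.130.0/24", "lan")]))
```

The last two lines of the `__main__` block are the point of iorx's link: with nothing but the default route, the firewall's own packets carry the WAN address, which is outside the Phase 2 local network, so they bypass the tunnel even though LAN hosts work fine. Giving the remote subnet a route that resolves to the LAN interface makes the firewall source from an address the selector covers.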
