Netgate Discussion Forum
    ***SOLVED*** Built IPsec tunnel, site to site is talking... green box

    IPsec
    2 Posts 1 Posters 938 Views

      A Former User

      The good news: I built a tunnel and the two pfSense boxes are talking to e/o, IPsec status is green.

      There is a computer behind each pfSense box and I can ping from comp A at site A to comp B at site B and I get a reply, no problem; pings work both ways, using the LAN address, that is.

      I created an ICMP rule and I created an allow any/any rule, for testing. Everything seems like it is working up to this point.

      My issue is when I try to ping from either site using Diagnostics > Ping. From site A I enter the LAN IP of site B (computer or pfSense box, neither works), and the other way around doesn't work either.

      I am not sure why a ping from behind the pfSense to the other site works, but not from within pfSense to pfSense or to a respective client machine.

      Am I missing something obvious?

      Thanks.

        A Former User

        SOLVED

        I needed to create a static route in each firewall.

        13.4.4. pfSense-initiated Traffic and IPsec
        To access the remote end of IPsec connections from pfSense itself, you will need to "fake"
        the system by adding a static route pointing the remote network to the system's LAN IP. Note
        this example presumes the VPN is connecting the LAN interface on both sides. If your IPsec
        connection is connecting an OPT interface, replace Interface and IP address of the interface
        accordingly. Because of the way IPsec is tied into the FreeBSD kernel, without the static route
        the traffic will follow the system's routing table, which will likely send this traffic out your WAN
        interface rather than over the IPsec tunnel.

        Once I did that, I was able to ping from within pfSense on both sides via Diagnostics > Ping. I was able to ping the remote pfSense box and get replies, as well as network devices, all from within pfSense.

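As an added illustration (not the poster's configuration or the pfSense book's text), a small Python model of why the static route matters: the routing table's longest-prefix match decides which interface, and therefore which source address, firewall-initiated traffic gets, and only a LAN-sourced packet falls inside the Phase 2 policy. All addresses, the routing table and the policy are constructed for the example; real pfSense/FreeBSD source selection and the IPsec SPD are abstracted to this one rule.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Route:
    prefix: ipaddress.IPv4Network
    iface: str
    src_ip: ipaddress.IPv4Address  # address the firewall uses as source when this route wins


@dataclass(frozen=True)
class Phase2:
    local_net: ipaddress.IPv4Network
    remote_net: ipaddress.IPv4Network


def lookup(table, dst):
    """Longest-prefix match, the way the kernel routing table picks a route."""
    dst = ipaddress.IPv4Address(dst)
    matches = [r for r in table if dst in r.prefix]
    return max(matches, key=lambda r: r.prefix.prefixlen) if matches else None


def egress(table, policy, dst):
    """Return (interface, in_tunnel) for a packet the firewall itself originates.
    Simplified model: the packet is protected only if its source lies in the
    Phase 2 local network and its destination in the remote network."""
    route = lookup(table, dst)
    if route is None:
        return (None, False)
    in_tunnel = route.src_ip in policy.local_net and ipaddress.IPv4Address(dst) in policy.remote_net
    return (route.iface, in_tunnel)


# Constructed site A: LAN 10.1.0.0/24 (firewall 10.1.0.1), WAN 203.0.113.10, remote LAN 10.2.0.0/24.
SITE_A_LAN_IP = ipaddress.IPv4Address("10.1.0.1")
SITE_A_WAN_IP = ipaddress.IPv4Address("203.0.113.10")
BASE_TABLE = [
    Route(ipaddress.IPv4Network("0.0.0.0/0"), "wan", SITE_A_WAN_IP),   # default route
    Route(ipaddress.IPv4Network("10.1.0.0/24"), "lan", SITE_A_LAN_IP),  # connected LAN
]
# The static route from the book: remote network pointed at the firewall's own LAN IP.
STATIC_ROUTE = Route(ipaddress.IPv4Network("10.2.0.0/24"), "lan", SITE_A_LAN_IP)
POLICY = Phase2(ipaddress.IPv4Network("10.1.0.0/24"), ipaddress.IPv4Network("10.2.0.0/24"))


def without_static_route():
    return egress(BASE_TABLE, POLICY, "10.2.0.50")  # default route wins: WAN source, outside the policy


def with_static_route():
    return egress(BASE_TABLE + [STATIC_ROUTE], POLICY, "10.2.0.50")  # /24 wins: LAN source, inside the policy
```

Running `without_static_route()` returns `("wan", False)` and `with_static_route()` returns `("lan", True)`, which is the behaviour the quoted book section describes.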
        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.