***SOLVED*** built IPSEC tunnel, site to site is talking... green box
-
The good news: I built a tunnel and the two pfSense boxes are talking to each other; IPsec status is green.
There is a computer behind each pfSense box, and I can ping from computer A at site A to computer B at site B and get a reply, no problem. Pings work both ways, using the LAN address, that is.
I created an ICMP rule and I created an allow any/any rule, for testing. Everything seems like it is working up to this point.
My issue is when I try to ping from either site using Diagnostics > Ping. From site A I enter the LAN IP of site B (computer or pfSense box, neither works), and the other way around doesn't work.
I am not sure why a ping from behind the pfSense to the other site works, but not from within pfSense to pfSense or to a respective client machine.
Am I missing something obvious?
Thanks.
-
SOLVED
I needed to create a static route in each firewall.
13.4.4. pfSense-initiated Traffic and IPsec
To access the remote end of IPsec connections from pfSense itself, you will need to "fake" the system by adding a static route pointing the remote network to the system's LAN IP. Note this example presumes the VPN is connecting the LAN interface on both sides. If your IPsec connection is connecting an OPT interface, replace Interface and IP address of the interface accordingly. Because of the way IPsec is tied into the FreeBSD kernel, without the static route the traffic will follow the system's routing table, which will likely send this traffic out your WAN interface rather than over the IPsec tunnel.
Once I did that, I was able to ping from within pfSense on both sides via Diagnostics > Ping. I was able to ping the remote pfSense box and get replies, as well as from network devices, all within pfSense.
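As an added illustration (example code written for this page, not from the original post or the pfSense documentation), here is a simplified Python model of why the static route fixes the symptom. The topology is constructed: site A's pfSense has LAN 192.168.1.1/24 and WAN 203.0.113.10/24 with WAN gateway 203.0.113.1, and the remote LAN behind the tunnel is 192.168.2.0/24. The model does two things the kernel does: a longest-prefix route lookup that also picks the source address from the outgoing interface, and a check of whether the resulting source/destination pair falls inside the phase-2 IPsec policy (LAN subnet to remote LAN subnet). A ping forwarded from a LAN host already carries a LAN source address and matches the policy, while a ping generated on the firewall itself takes the default route, gets the WAN address as its source, and therefore misses the policy until the static route steers it to the LAN IP.

```python
import ipaddress
from dataclasses import dataclass

# Constructed topology for the example (assumed, not from the post):
# site A pfSense: LAN 192.168.1.1/24, WAN 203.0.113.10/24, WAN gateway 203.0.113.1
# site B LAN reachable through the tunnel: 192.168.2.0/24
INTERFACES = {
    "lan": ipaddress.ip_interface("192.168.1.1/24"),
    "wan": ipaddress.ip_interface("203.0.113.10/24"),
}

# Phase-2 (SPD) policy: only LAN-to-remote-LAN traffic is sent through the tunnel.
IPSEC_POLICY = (ipaddress.ip_network("192.168.1.0/24"),
                ipaddress.ip_network("192.168.2.0/24"))


@dataclass(frozen=True)
class Route:
    prefix: ipaddress.IPv4Network
    gateway: ipaddress.IPv4Address  # next hop (interface IP for connected nets)


def route(prefix, gateway):
    return Route(ipaddress.ip_network(prefix), ipaddress.ip_address(gateway))


def lookup(routes, dst):
    """Longest-prefix match for dst, returning (interface name, source address).

    The outgoing interface is the one whose subnet contains the next hop, and a
    locally generated packet gets that interface's own address as its source.
    """
    dst = ipaddress.ip_address(dst)
    best = max((r for r in routes if dst in r.prefix),
               key=lambda r: r.prefix.prefixlen, default=None)
    if best is None:
        raise LookupError(f"no route to {dst}")
    for name, iface in INTERFACES.items():
        if best.gateway in iface.network:
            return name, iface.ip
    raise LookupError(f"gateway {best.gateway} is not on any interface")


def matches_policy(src, dst):
    """True when the src/dst pair falls inside the IPsec phase-2 policy."""
    local, remote = IPSEC_POLICY
    return ipaddress.ip_address(src) in local and ipaddress.ip_address(dst) in remote


def pfsense_initiated_ping(routes, dst):
    """How a packet generated on the firewall itself (Diagnostics > Ping) leaves."""
    iface, src = lookup(routes, dst)
    if matches_policy(src, dst):
        return "ipsec"
    return f"cleartext via {iface} src {src}"


def forwarded_ping(src, dst):
    """A LAN host's packet already has a LAN source, so routing is not the issue."""
    return "ipsec" if matches_policy(src, dst) else "cleartext"


# Connected networks plus the default route: the state before the fix.
BASE_ROUTES = [
    route("192.168.1.0/24", "192.168.1.1"),
    route("203.0.113.0/24", "203.0.113.10"),
    route("0.0.0.0/0", "203.0.113.1"),
]
# The workaround from the pfSense docs: point the remote LAN at this box's own LAN IP.
WITH_STATIC_ROUTE = BASE_ROUTES + [route("192.168.2.0/24", "192.168.1.1")]

if __name__ == "__main__":
    print("host behind LAN ->", forwarded_ping("192.168.1.50", "192.168.2.50"))
    print("firewall, no static route ->", pfsense_initiated_ping(BASE_ROUTES, "192.168.2.50"))
    print("firewall, with static route ->", pfsense_initiated_ping(WITH_STATIC_ROUTE, "192.168.2.50"))
```

Running it shows the three cases from the post: the LAN host's ping is "ipsec" in both states, the firewall's own ping without the static route leaves as cleartext via WAN with the WAN address as source (so it never enters the tunnel and gets no reply), and with the static route the same ping is classified as "ipsec". The model also makes the OPT-interface caveat in the quoted documentation concrete: the static route has to point at the IP of whichever interface's subnet is named in the phase-2 policy, otherwise the chosen source address still falls outside it.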