Blocking between LAN/IPSec interfaces
-
Hi,
I have just set up multiple VLAN interfaces on my PFsense box and am having a bit of trouble with traffic being blocked.
IPsec network = 192.168.2.0/24
VLAN Interface (OOB) network = 192.168.230.0/24I have set a basic allow any rule for both interfaces
IPv4 * * * * * * noneDespite this, traffic is still getting blocked with a "Default deny rule IPv4"
Any ideas as to why the traffic not match the allow all rule?
I have included a log screencap of the blocks I am seeing
It looks as if the traffic is able to get from the IPsec interface to LAN but not backAny tips would be much appreciated
-
As I work more on this I have a possible lead.
My phase 2 for the IPSec connection specifies the VLAN i am connecting to.
Right now I have the IPSec server giving my client an address from the network 192.168.2.0/24 and it is connecting me to the VLAN with a network of 192.168.210.0/24The VLAN I am having trouble accessing from the IPSec interface has a network of 192.168.230.0/24 (shows as OOB in the previous log screenshot)
I assumed that given the allow all rules present on each interface that even though IPSec phase 2 specifies that I am connected to the 192.168.210.0/24 network, I would still have access to 192.168.230.0/24
Perhaps I am wrong on this.
As a side note. If i ssh to a host on the 192.168.210.0/24 network, I can use that host to access the 192.168.230.0/24 network without an issue. This leads me to believe I have an issue with how my IPSec server is setup. -
Ok,
After doing some more research I have found the answer.
In order to route correctly between VLANS when using an IPSec tunnel I needed to add additional phase 2 entries on my IPSec server config that specified each additional VLAN I needed to access.