Blocking between LAN/IPsec interfaces



  • Hi,
    I have just set up multiple VLAN interfaces on my pfSense box and am having a bit of trouble with traffic being blocked.
    IPsec network = 192.168.2.0/24
    VLAN interface (OOB) network = 192.168.230.0/24

    I have set a basic allow-any rule on both interfaces:
    IPv4 * * * * * * none

    Despite this, traffic is still getting blocked with "Default deny rule IPv4".
    Any ideas as to why the traffic does not match the allow-all rule?
    I have included a log screencap of the blocks I am seeing.
    It looks as if the traffic is able to get from the IPsec interface to LAN but not back.

    Any tips would be much appreciated



  • As I work more on this I have a possible lead.

    My phase 2 for the IPsec connection specifies the VLAN I am connecting to.
    Right now I have the IPsec server giving my client an address from the network 192.168.2.0/24, and it is connecting me to the VLAN with a network of 192.168.210.0/24.

    The VLAN I am having trouble accessing from the IPsec interface has a network of 192.168.230.0/24 (shows as OOB in the previous log screenshot).
    I assumed that, given the allow-all rules present on each interface, even though IPsec phase 2 specifies that I am connected to the 192.168.210.0/24 network, I would still have access to 192.168.230.0/24.
    Perhaps I am wrong on this.
    As a side note, if I SSH to a host on the 192.168.210.0/24 network, I can use that host to access the 192.168.230.0/24 network without an issue. This leads me to believe I have an issue with how my IPsec server is set up.



  • OK,
    After doing some more research I have found the answer.
    In order to route correctly between VLANs when using an IPsec tunnel, I needed to add additional phase 2 entries in my IPsec server config that specify each additional VLAN I need to access.
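The fix in the post above, modelled as an added Python example (this is not code from the thread, from pfSense or from strongSwan): an IPsec phase 2 entry is a pair of traffic selectors, and a packet is only carried by the tunnel when some phase 2 entry's selectors cover its source and destination. The script checks constructed flows between a client on 192.168.2.0/24 and hosts on the two VLANs against the thread's original single phase 2 and against the two-entry set, and lists which VLAN subnets still lack a phase 2. The names `Phase2`, `flow_covered`, `round_trip_covered` and `missing_phase2`, and the host addresses inside the /24s, are assumptions made for the example; the model is deliberately simplified (address-only selectors, first match wins, no IKEv2 selector narrowing).

```python
import ipaddress
from dataclasses import dataclass
from typing import Iterable, List, Optional


@dataclass(frozen=True)
class Phase2:
    """One IPsec phase 2 (child SA) entry: a local subnet behind the server
    and the remote subnet on the client side. Hypothetical type for this
    example; pfSense keeps these in its own configuration format."""
    name: str
    local: ipaddress.IPv4Network
    remote: ipaddress.IPv4Network


def phase2(name: str, local: str, remote: str) -> Phase2:
    return Phase2(name, ipaddress.ip_network(local), ipaddress.ip_network(remote))


# Constructed sample policies built from the subnets named in the thread.
CLIENT_NET = "192.168.2.0/24"  # pool the mobile client gets its address from
ONE_PHASE2: List[Phase2] = [
    phase2("vlan210", "192.168.210.0/24", CLIENT_NET),
]
TWO_PHASE2: List[Phase2] = ONE_PHASE2 + [
    phase2("vlan230-oob", "192.168.230.0/24", CLIENT_NET),
]


def matching_phase2(policies: Iterable[Phase2], src: str, dst: str) -> Optional[Phase2]:
    """Return the first entry whose selectors cover src->dst in either
    direction, else None. Simplified: address-only selectors, first match
    wins; real policies also carry protocol/port selectors."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for p in policies:
        if (s in p.local and d in p.remote) or (s in p.remote and d in p.local):
            return p
    return None


def flow_covered(policies: Iterable[Phase2], src: str, dst: str) -> bool:
    return matching_phase2(list(policies), src, dst) is not None


def round_trip_covered(policies: Iterable[Phase2], client: str, host: str) -> bool:
    """True only if both the request (client->host) and the reply
    (host->client) have a phase 2 entry to travel through."""
    policies = list(policies)
    return flow_covered(policies, client, host) and flow_covered(policies, host, client)


def missing_phase2(policies: Iterable[Phase2], client_net: str, needed: Iterable[str]) -> List[str]:
    """List the local subnets in `needed` that no phase 2 entry pairs with
    `client_net`; each is an entry that still has to be added on the server."""
    policies = list(policies)
    cnet = ipaddress.ip_network(client_net)
    missing = []
    for n in needed:
        net = ipaddress.ip_network(n)
        if not any(p.local.supernet_of(net) and p.remote.supernet_of(cnet) for p in policies):
            missing.append(n)
    return missing


if __name__ == "__main__":
    client = "192.168.2.10"  # constructed client address
    for label, pols in (("one phase 2", ONE_PHASE2), ("two phase 2 entries", TWO_PHASE2)):
        for host in ("192.168.210.20", "192.168.230.5"):
            state = "tunnelled" if round_trip_covered(pols, client, host) else "no matching phase 2"
            print(f"{label}: {client} <-> {host}: {state}")
    wanted = ["192.168.210.0/24", "192.168.230.0/24"]
    print("phase 2 entries still to add:", missing_phase2(ONE_PHASE2, CLIENT_NET, wanted))
```

With the single entry, flows to 192.168.230.0/24 match no selector in either direction, so they never enter the tunnel regardless of how permissive the rules on the IPsec interface are; those rules are only evaluated on traffic that the SA actually carries. Adding the second entry covers both directions for the OOB VLAN, which is the change the post describes.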

