Netgate Discussion Forum

    Can't pass traffic from default interface through tunnel

      iorx

      Hi!

      Strange! This was fully working with 2.1.5. One side is a 2.2.1 now and name resolution is acting up from the 2.2.1 side.

      I can ping back and forth from both LANs (with hosts). The problem is that name resolution is not working. I've got a "Domain Overrides" which points to the other side's DNS.

      Tried to ping, from Diagnostics, from default interface. No go. Pinging from LAN interface is OK.

      […] time passes tries stuff. When I read my above explanation it gave me an idea to test.

      SOLVED. But is this the right way to do it?
      I changed the "Outgoing Network Interfaces" for DNS Resolver to LAN and name resolution works.  :-\

      Tried to ping from the console through the tunnel. Doesn't work.
      Is there something here I don't understand about IPSEC?

      Brgs,

        iorx

        Talking to myself. No, not crazy at all  :o

        My solution above is not the right way, I think. The underlying issue with IPSEC is traffic from pfSense, how to get it to route its own traffic.

        This solved the problem with "DNS Resolver" not working, that is, not reaching a DNS on the other side of the tunnel. After this I could restore the setting for "Outgoing interface" to "All" instead of "LAN".

        https://doc.pfsense.org/index.php/Why_can%27t_I_query_SNMP,_use_syslog,_NTP,_or_other_services_initiated_by_the_firewall_itself_over_IPsec_VPN
