IPSec Routing questions



  • I'm trying to set up an IPSec net-to-net tunnel. The other end is a MikroTik router. I have it mostly working now, but it seems like there's a routing issue within the PfSense setup.

    192.168.37.1/24->PfSense->Internet->MikroTik->192.168.40.1/24

    192.168.37.2# ping 192.168.40.1
    <succeeds>
    192.168.37.2# traceroute -n 192.168.40.1
    traceroute to 192.168.40.1 (192.168.40.1), 30 hops max, 60 byte packets
     1  192.168.37.1  0.665 ms  0.770 ms  0.846 ms
     2  * * *
     3  * * *
     4  * * *
     5  * * *
     6  * * *
     7  *^C
    192.168.37.2# ping 192.168.40.2
    <fails>
    192.168.37.2# traceroute -n 192.168.40.2
    traceroute to 192.168.40.2 (192.168.40.2), 30 hops max, 60 byte packets
     1  192.168.37.1  0.598 ms  0.626 ms  0.656 ms
     2  * * *
     3  * * *
     4  * * *
     5  * * *
     6  * * *
     7  *^C

    192.168.40.2# ping 192.168.37.1
    <succeeds>
    192.168.40.2# ping 192.168.37.2
    <succeeds>
    192.168.40.2# traceroute -n 192.168.37.2
     1  192.168.40.1  0.204 ms  0.297 ms  0.365 ms
     2  * * *
     3  192.168.37.2  71.548 ms  71.669 ms  71.868 ms


    I am thoroughly confused at this point. Any ideas?



  • Edit: This was just a figment of netcat. Happens locally too.

    ~~One more hint: What are these Xs?~~

    192.168.37.2# nc -l -p 1234 -uvvv
    listening on [any] 1234 ...
    192.168.40.2: inverse host lookup failed: Unknown host
    connect to [192.168.37.2] from (UNKNOWN) [192.168.40.2] 49339
    XXXXXhello
    ^C sent 0, rcvd 11

    192.168.40.2# echo hello | nc 192.168.37.2 1234 -u -vvv
    Connection to 192.168.37.2 1234 port [udp/*] succeeded!
    ^C
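The "XXXXX" in the listener output above is worth understanding rather than just dismissing, because the same thing can mislead a packet-level check across a tunnel. The OpenBSD-derived nc used on the sending side, when given -v with -u, first writes a few one-byte "X" datagrams to the target to see whether an ICMP port-unreachable comes back; only then does it send what was piped in. The listening nc prints every datagram it receives with no delimiter, so the probes and the real payload run together on one line. The script below is an added example, not part of the original post or of pfSense or netcat, that reproduces this on localhost with plain sockets: it sends PROBE_COUNT one-byte probes followed by the "hello" payload and shows that the receiver gets separate datagrams, which only look like one string once concatenated. PROBE_COUNT, the function names and the loopback addresses are this example's own assumptions; the exact number of probes a given nc version sends is not something the post establishes.

```python
"""
Added example (not from the original post): show that the leading X
characters in the nc transcript are separate UDP probe datagrams rather
than part of the "hello" payload, by reproducing the exchange over the
loopback interface with plain sockets.
"""
import socket

# Assumption: the client sent five one-byte probes (the transcript shows
# five X characters); the real count depends on the nc version.
PROBE_COUNT = 5
PROBE = b"X"
PAYLOAD = b"hello\n"  # what `echo hello | nc ...` hands to the socket


def udp_listener():
    """Bind a UDP socket on loopback with an OS-chosen port (stand-in for `nc -l -u`)."""
    s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    s.bind(("127.0.0.1", 0))
    s.settimeout(2.0)  # never hang the caller if a datagram is lost
    return s


def send_like_nc(dest, probes=PROBE_COUNT):
    """Mimic `nc -u -v`: a burst of one-byte probe datagrams, then the payload."""
    c = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    c.connect(dest)
    for _ in range(probes):
        c.send(PROBE)
    c.send(PAYLOAD)
    c.close()


def receive_datagrams(s, expected):
    """Collect `expected` datagrams, each kept as its own bytes object."""
    datagrams = []
    while len(datagrams) < expected:
        data, _peer = s.recvfrom(65535)
        datagrams.append(data)
    return datagrams


def run(probes=PROBE_COUNT):
    """Return (list of datagrams as received, the line a naive listener would print)."""
    s = udp_listener()
    try:
        send_like_nc(s.getsockname(), probes)
        grams = receive_datagrams(s, probes + 1)
    finally:
        s.close()
    # A listener that writes each datagram straight to stdout with no
    # delimiter produces exactly the concatenation seen in the post.
    as_printed = b"".join(grams).decode()
    return grams, as_printed


if __name__ == "__main__":
    grams, line = run()
    print(repr(line))
    for i, g in enumerate(grams):
        print(f"datagram {i}: {g!r}")
```

If you want to confirm this on the real tunnel rather than on loopback, a capture on the listening host (for example `tcpdump -ni any udp port 1234`) will show the probe datagrams and the payload as distinct packets, each with its own length, which is the quickest way to separate tool behaviour from what actually crossed the IPsec SA.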
