Ipsec Green, but I can't ping



  • Hi,

    On my status, everything is showing as up green (connected), but I can't ping over my IPSec.  Do I need to open firewall ports on the opposite end to allow traffic from the near end?

    I.e., I am using 172.16.0.0/16 on the Office End and 192.168.3.0/24 on the home end. Would I need to allow inbound traffic on the WAN interface, or does the IPsec protocol override firewall requirements?

    Thanks,
    Andrew



  • The LAN rule tab controls the outgoing traffic and the IPsec rule tab controls the incoming IPsec traffic. You don't need IPsec rules on the WAN tab; pfSense handles that automatically behind the scenes.
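    An added illustration of the rule-tab behaviour this reply describes, written for this thread and not taken from pfSense: it models per-interface evaluation (first match wins, default deny) at the home end, using the two subnets from the question and constructed host addresses.

    ```python
    from ipaddress import ip_address, ip_network

    # Constructed model of how pfSense applies firewall rules to tunnel traffic
    # (not pfSense code). A packet is evaluated only against the tab of the
    # interface it arrives on: LAN tab for hosts behind that firewall, IPsec tab
    # for packets decrypted out of the tunnel. Rules are checked top-down, the
    # first match wins, and no match means the packet is dropped.

    OFFICE_LAN = "172.16.0.0/16"   # from the question
    HOME_LAN = "192.168.3.0/24"    # from the question

    def rule(action, proto="any", src="0.0.0.0/0", dst="0.0.0.0/0"):
        return {"action": action, "proto": proto,
                "src": ip_network(src), "dst": ip_network(dst)}

    def matches(r, pkt):
        return (r["proto"] in ("any", pkt["proto"])
                and ip_address(pkt["src"]) in r["src"]
                and ip_address(pkt["dst"]) in r["dst"])

    def evaluate(tabs, arriving_on, pkt):
        """Return 'pass' or 'block' for a packet arriving on the given interface."""
        for r in tabs.get(arriving_on, []):
            if matches(r, pkt):
                return r["action"]
        return "block"  # implicit default deny at the end of every tab

    def ping_from_office(home_tabs, src="172.16.10.5", dst="192.168.3.20"):
        """An echo request from the office reaches the home firewall through the
        tunnel, so the home firewall evaluates it on its IPsec tab only."""
        echo = {"proto": "icmp", "src": src, "dst": dst}
        return evaluate(home_tabs, "ipsec", echo)

    # Home-end tabs as the poster likely has them: LAN open, a WAN rule that
    # does not help because tunnel traffic never hits the WAN tab, IPsec empty.
    HOME_BEFORE = {
        "lan": [rule("pass", src=HOME_LAN)],
        "wan": [rule("pass", proto="icmp", src=OFFICE_LAN, dst=HOME_LAN)],
        "ipsec": [],
    }

    # Same firewall with an IPsec-tab rule permitting only ICMP from the office
    # subnet to the home subnet (least privilege, not "any to any").
    HOME_AFTER = {
        **HOME_BEFORE,
        "ipsec": [rule("pass", proto="icmp", src=OFFICE_LAN, dst=HOME_LAN)],
    }

    if __name__ == "__main__":
        print("before:", ping_from_office(HOME_BEFORE))  # block
        print("after: ", ping_from_office(HOME_AFTER))   # pass
    ```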



  • With all the testing I've been up to, I've had this occur a couple of times... it was the weirdest thing. The IPsec would show green, but I couldn't ping anything. It freaked me out the first time...

    The first time, in the IPsec settings I had to put the remote public IP of the host for the Remote Gateway. I had accidentally put the internal local IP for the Remote Gateway. I was surprised it even connected!

    The second time, I had rebooted the PF, breaking the connection suddenly. And for some reason it seemed to get 'stuck'. IPsec showed green, but DHCP and DHCP Relay were both saying the other was active, so no settings showed. Despite that, my user PC was still connecting via DHCP OK. I made a backup config file, then restored to factory defaults, then restored the config... unsurprisingly, it also restored the issue! LOL! So I did it one more time... and it did the same thing, surprise, surprise... So I figured it was something else causing it. So I changed the "Lifetime" setting from 28800 and 84400 to 1200 for both, and wammo! It resolved it. My guess is, if you're making lots of setting changes, it's better to have a shorter lifetime setting... then make it longer once things have settled.

    Hope that helps!

