Routing through multiple tunnels - how to tell if traffic is making it through?

  • Hey Folks,
    My question is, how can I verify that traffic from a box on my LAN is being pushed through the IPsec tunnel?

    I was able to do a pcap on LAN interface and see my traffic, but nothing showed on the IPsec interface. Is this expected? If so, what is the correct way to see if traffic is going through the tunnel?

    To add some context, I am trying to get traffic through a pfSense/Palo Alto IPsec tunnel from a dev box out to an API server on the other end of a second IPsec tunnel on that Palo Alto box. I have diagrammed below.

  • Upon looking at this further, I can see that the phase two entry I set up is not coming up as the rest of the tunnels are. I have verified, by turning on logging on the pass rule on the LAN interface, that my traffic is hitting the pfSense box and that the traffic is being passed.

    What I can't find a way to see is where that traffic goes. Why doesn't the phase two entry come up after matching that traffic? I am digging into the IPsec logs, but it's difficult to read. There are a few tunnels working already, so there is a bunch of stuff in there.
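As an added example (not code from the original thread or from pfSense), here is a small checker for exactly the question above: it parses the output of strongSwan's `swanctl --list-sas` (strongSwan is the IPsec daemon pfSense runs) and reports whether a phase 2 (CHILD_SA) whose traffic selectors cover a given source and destination pair is installed, and whether its packet counters show traffic entering and returning through it. The sample output embedded below is constructed; the line layout follows strongSwan 5.x, but treat the regexes as an assumption and compare them against your own box before trusting the result. Connection names, subnets and counters are made up.

```python
"""Check whether an IPsec phase 2 (CHILD_SA) covers a src/dst pair and is passing packets.

Parses `swanctl --list-sas` output (strongSwan). The SAMPLE_OUTPUT is constructed
for illustration; the field layout is an assumption modelled on strongSwan 5.x.
"""
import ipaddress
import re
import shutil
import subprocess

# Constructed sample: one IKE SA with two child SAs. The first carries traffic,
# the second is installed but has never seen a packet.
SAMPLE_OUTPUT = """\
con1000: #3, ESTABLISHED, IKEv2, 1a2b3c4d5e6f7a8b_i* 8b7a6f5e4d3c2b1a_r
  local  '203.0.113.10' @ 203.0.113.10[500] [203.0.113.10]
  remote '198.51.100.20' @ 198.51.100.20[500] [198.51.100.20]
  AES_CBC-256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_2048
  established 3600s ago, rekeying in 24000s
  con1000: #7, reqid 1, INSTALLED, TUNNEL, ESP:AES_CBC-256/HMAC_SHA2_256_128
    installed 3600s ago, rekeying in 2400s, expires in 3900s
    in  c9a1b2c3,  48211 bytes,   412 packets,     3s ago
    out c3b2a1c9,  39876 bytes,   398 packets,     3s ago
    local  192.168.10.0/24
    remote 10.20.0.0/24
  con1000: #8, reqid 2, INSTALLED, TUNNEL, ESP:AES_CBC-256/HMAC_SHA2_256_128
    installed 3600s ago, rekeying in 2400s, expires in 3900s
    in  c11111111,      0 bytes,     0 packets
    out c22222222,      0 bytes,     0 packets
    local  192.168.10.0/24
    remote 172.16.50.0/24
"""

IKE_RE = re.compile(r"^\S+: #\d+, ")                                   # unindented IKE SA header
CHILD_RE = re.compile(r"^\s+(\S+): #(\d+), reqid (\d+), (\w+), ")      # indented CHILD_SA header
PKT_RE = re.compile(r"^\s+(in|out)\s+\w+,\s+(\d+) bytes,\s+(\d+) packets")
TS_RE = re.compile(r"^\s+(local|remote)\s+(.+)$")                     # traffic selector lines


def parse_child_sas(text):
    """Return a list of child SAs: name, state, selectors and in/out packet counts."""
    sas, cur = [], None
    for line in text.splitlines():
        if IKE_RE.match(line):        # new IKE SA: its own local/remote lines are not selectors
            cur = None
            continue
        m = CHILD_RE.match(line)
        if m:
            cur = {"name": m.group(1), "id": int(m.group(2)), "state": m.group(4),
                   "local": [], "remote": [], "in": 0, "out": 0}
            sas.append(cur)
            continue
        if cur is None:
            continue
        m = PKT_RE.match(line)
        if m:
            cur[m.group(1)] = int(m.group(3))
            continue
        m = TS_RE.match(line)
        if m:
            # Selectors may carry a [proto/port] suffix; strip it and keep the prefix.
            cur[m.group(1)] = [ipaddress.ip_network(t.split("[")[0], strict=False)
                               for t in m.group(2).split()]
    return sas


def find_child_sa(sas, src, dst):
    """First child SA whose local selectors contain src and remote selectors contain dst."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for sa in sas:
        if any(s in n for n in sa["local"]) and any(d in n for n in sa["remote"]):
            return sa
    return None


def check_path(text, src, dst):
    """Classify what the SA table says about traffic from src to dst."""
    sa = find_child_sa(parse_child_sas(text), src, dst)
    if sa is None:
        return {"status": "no_child_sa", "sa": None}   # no phase 2 covers the pair at all
    if sa["state"] != "INSTALLED":
        return {"status": "not_installed", "sa": sa}   # negotiating, rekeying or being deleted
    if sa["out"] == 0:
        return {"status": "no_traffic", "sa": sa}      # policy present, nothing from our side entered it
    if sa["in"] == 0:
        return {"status": "one_way", "sa": sa}         # we encrypt, nothing comes back: look at the far end
    return {"status": "passing", "sa": sa}


if __name__ == "__main__":
    import sys
    src, dst = (sys.argv[1], sys.argv[2]) if len(sys.argv) == 3 else ("192.168.10.5", "10.20.0.8")
    if shutil.which("swanctl"):   # live box: read the real SA table
        text = subprocess.run(["swanctl", "--list-sas"], capture_output=True, text=True).stdout
    else:                         # elsewhere: fall back to the constructed sample
        text = SAMPLE_OUTPUT
    result = check_path(text, src, dst)
    sa = result["sa"]
    print(f"{src} -> {dst}: {result['status']}"
          + (f" ({sa['name']} #{sa['id']}, in={sa['in']} out={sa['out']} packets)" if sa else ""))
```

The `no_child_sa` outcome is the situation in the second post: with no phase 2 installed for the pair, there is nothing for the traffic to enter, so a capture on the IPsec interface stays empty even though the LAN rule logs a pass. Two complementary checks from the pfSense shell: `tcpdump -ni enc0` shows tunnel traffic in the clear (after decryption, before encryption), while a capture on the WAN interface shows only the ESP packets; and Status > IPsec in the GUI lists the same child SAs and counters that `swanctl --list-sas` prints.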

