4. IPSEC VPN tunnel and direct traffic between VPN endpoint

IPSEC VPN tunnel and direct traffic between VPN endpoint

  • A

    Hello,

    I recently setup an IPSec VPN with a friend, both end running Pfsense.
    Getting the tunnel to come up using IKEv2 with matching setting was no problem.

    Note a single Phase 2 definition covering the respective local network(s) range was defined:
      Site A: 10.10.0.0/16
      Site B: 10.20.0.0/16

    Traffic between host on both side works without issue (when rule is added to allow traffic).
    However traffic between the Pfsense boxes is not working I expected:

    Using  ping ("Diagnostics > Ping") with default source address I am not able to ping the remote Pfsense private IP. When changing the source address to the LAN it does however work.

    Note that both pfsense are connected to multiple network: one WAN and multiple LANs.
    It appear that when doing a ping without specifying the source address, it default to using the WAN.

    This seems like an odd behaviour to me. I searched a bit but did not managed to find much.
    I would appreciate some help or pointer.

    • Is an additional Phase 2 recommended to cover traffic the pfsense gateway themselves
    • Should I add a static route as a workaround ?

    Thanks.

    0
Log in to reply
 

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© 2020 Rubicon Communications, LLC | Privacy Policy