Netgate Discussion Forum
    IPSEC VPN tunnel and direct traffic between VPN endpoint

    arekkusu

      Hello,

      I recently set up an IPsec VPN with a friend, both ends running pfSense.
      Getting the tunnel to come up using IKEv2 with matching settings was no problem.

      Note that a single Phase 2 definition covering the respective local network range was defined:
        Site A: 10.10.0.0/16
        Site B: 10.20.0.0/16

      Traffic between hosts on both sides works without issue (once a rule is added to allow the traffic).
      However, traffic between the pfSense boxes is not working as I expected:

      Using ping ("Diagnostics > Ping") with the default source address, I am not able to ping the remote pfSense private IP. When changing the source address to the LAN, it does work.

      Note that both pfSense boxes are connected to multiple networks: one WAN and multiple LANs.
      It appears that when doing a ping without specifying the source address, it defaults to using the WAN.

      This seems like odd behaviour to me. I searched a bit but did not manage to find much.
      I would appreciate some help or pointer.

      • Is an additional Phase 2 recommended to cover traffic between the pfSense gateways themselves?
      • Should I add a static route as a workaround?

      Thanks.

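The symptom in the post follows from how a policy-based IPsec tunnel decides what to encrypt: each outgoing packet is checked against the Phase 2 traffic selectors, and a packet whose source is not inside a local selector never enters the tunnel, it just leaves via the normal route, unencrypted. Because no kernel route exists for the remote LAN, the default route (WAN) is chosen, so the firewall picks its WAN address as source, which 10.10.0.0/16 does not cover. The script below is an added example, not code from the post or from pfSense; it models the selector check and the source-address choice, and then shows the post's four cases: the default WAN source (fails), an explicit LAN source (works), and the two workarounds the poster asks about (an extra Phase 2 covering the WAN address as a /32, or a static route for the remote LAN that leaves via the LAN interface). All interface addresses are constructed values; only the two /16 networks come from the post.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Only the two /16 LANs come from the post. Every other address is a constructed
# value (documentation ranges) chosen for this example.
SITE_A_LAN = ipaddress.ip_network("10.10.0.0/16")
SITE_B_LAN = ipaddress.ip_network("10.20.0.0/16")
SITE_A_WAN_IP = ipaddress.ip_address("203.0.113.10")  # assumed WAN address of site A
SITE_A_LAN_IP = ipaddress.ip_address("10.10.0.1")     # assumed LAN address of site A
SITE_B_LAN_IP = ipaddress.ip_address("10.20.0.1")     # assumed LAN address of site B
DEFAULT_ROUTE = ipaddress.ip_network("0.0.0.0/0")


@dataclass(frozen=True)
class Phase2:
    """One Phase 2 entry: the (local network, remote network) traffic selector pair."""
    local: ipaddress.IPv4Network
    remote: ipaddress.IPv4Network


# Routing table entry: (destination network, address of the interface the route leaves on).
Route = Tuple[ipaddress.IPv4Network, ipaddress.IPv4Address]

# Site A as the post describes it: one Phase 2 covering LAN-to-LAN only, a
# connected route for its LAN, and a default route leaving via WAN.
LAN_ONLY_POLICY = [Phase2(SITE_A_LAN, SITE_B_LAN)]
BASE_ROUTES: List[Route] = [(DEFAULT_ROUTE, SITE_A_WAN_IP), (SITE_A_LAN, SITE_A_LAN_IP)]

# The two workarounds the post asks about, modelled at site A. Either one must be
# mirrored on site B (a Phase 2 whose remote selector is site A's WAN /32, or a
# static route for site B's own traffic) so that replies take the same path.
WAN_COVERING_POLICY = LAN_ONLY_POLICY + [
    Phase2(ipaddress.ip_network(f"{SITE_A_WAN_IP}/32"), SITE_B_LAN)]
LAN_SOURCED_ROUTES: List[Route] = BASE_ROUTES + [(SITE_B_LAN, SITE_A_LAN_IP)]


def matching_phase2(policies, src, dst) -> Optional[Phase2]:
    """Policy-based IPsec consults its SPD per packet: the packet enters the tunnel
    only if src lies in a local selector and dst in the paired remote selector."""
    for p in policies:
        if src in p.local and dst in p.remote:
            return p
    return None


def default_source(dst, routes) -> ipaddress.IPv4Address:
    """With no source given, the host uses the address of the interface that the
    longest-prefix route for dst leaves on. A policy-based tunnel installs no
    route for the remote LAN, so that route is the default one, i.e. WAN."""
    best: Optional[Route] = None
    for net, iface_ip in routes:
        if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, iface_ip)
    if best is None:
        raise ValueError(f"no route to {dst}")
    return best[1]


def ping_path(dst, policies, routes, src=None) -> Tuple[str, str]:
    """Return ('ipsec' or 'clear', source address used) for a ping from the firewall to dst."""
    src = src if src is not None else default_source(dst, routes)
    path = "ipsec" if matching_phase2(policies, src, dst) else "clear"
    return path, str(src)


def scenarios():
    """The post's symptom, the explicit-source fix, and the two proposed workarounds."""
    return {
        "default source, LAN-only P2": ping_path(SITE_B_LAN_IP, LAN_ONLY_POLICY, BASE_ROUTES),
        "LAN source, LAN-only P2": ping_path(SITE_B_LAN_IP, LAN_ONLY_POLICY, BASE_ROUTES, SITE_A_LAN_IP),
        "default source, extra P2 for WAN /32": ping_path(SITE_B_LAN_IP, WAN_COVERING_POLICY, BASE_ROUTES),
        "default source, static route via LAN": ping_path(SITE_B_LAN_IP, LAN_ONLY_POLICY, LAN_SOURCED_ROUTES),
    }


if __name__ == "__main__":
    for name, (path, src) in scenarios().items():
        print(f"{name:40} src={src:15} -> {path}")
```

On the firewall's own shell the GUI source selection corresponds to FreeBSD's `ping -S <lan-address> <remote-address>`. The practical caveat the model makes visible: traffic that matches no selector does not fail loudly, it is simply sent out of WAN in the clear, so whichever workaround is chosen, confirm with a packet capture on WAN that nothing destined for the remote LAN leaves unencrypted.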
      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.