One way IPSEC VPN 2.2.6



  • Hi all - been scratching my head on this one for a while… hopefully someone can help.

    Got a pair of pfSense boxen running 2.2.6 - IPSec VPN set up between them.

    The VPN works with traffic initiated from SiteA>SiteB but not the other way around.

    In the non-working direction, I don't see the traffic hitting the enc0 interface - the log reports that the default deny has dropped it.

    In the working direction, I do see the appropriate traffic on the enc0 interface and the log reports that @81(1000004112) blah blah "IPsec internal host to host" rule has allowed it.

    The output of pfctl -sr tells me that both firewalls have that rule (I presume it's a default rule).

    The P1 & P2 screens show successful connections. SPDs also show correct.

    I just can't see what the issue is… HELP :)

    ih



  • That means you don't have a matching rule on Firewall>Rules, IPsec tab, on the side where you're seeing it logged as blocked.



  • Hi, thanks for the response.

    I do though.

    On both sides, I have the following:

    ID  Proto   Source          Port  Destination     Port  Gateway  Queue  Schedule  Description
        IPv4 *  172.16.10.0/24  *     172.16.20.0/24  *     *        none
        IPv4 *  172.16.20.0/24  *     172.16.10.0/24  *     *        none

    Is it indicative of something that on the working side, the rule matched does not appear to be one of these I manually added?

    ih

