4. One way IPSEC VPN 2.2.6

One way IPSEC VPN 2.2.6

  • I

    Hi all - been scratching my head on this one for a while… hopefully someone can help.

    Got a pair of pfSense boxen running 2.2.6 - IPSec VPN set up between them.

    The VPN works with traffic initiated from SiteA>SiteB but not the other way around.

    In the non-working direction, I dont see the traffic hitting the enc0 interface - the log reports that the default deny has dropped it.

    In the working direction, I do see the appropriate traffic on the enc0 interface and the log reports that @81(1000004112) blah blah "IPsec internal host to host" rule has allowed it.

    The output of pfctl -sr tells me that both firewalls have that rule (I presume its a default rule)

    The P1 & P2 screens show successful connections. SPDs also show correct.

    I just cant see what the issue is… HELP :)

    ih

    0
  • C

    That means you don't have a matching rule on Firewall>Rules, IPsec tab, on the side where you're seeing it logged as blocked.

    0
  • I

    Hi, thanks for the response.

    I do though.

    On both sides, I have the following:

    ID Proto Source Port Destination Port Gateway Queue Schedule Description
    IPv4 * 172.16.10.0/24 * 172.16.20.0/24 * * none
    IPv4 * 172.16.20.0/24 * 172.16.10.0/24 * * none

    Is it indicative of something that on the working side, the rule matched does not appear to be one of these I manually added?

    ih

    0
Log in to reply
 

Products

Applications

Support

Services

News

Resources

Company

Our Mission

As host of the pfSense open source firewall project, Netgate believes in enhancing network connectivity that maintains both security and privacy. We also believe everyone should be able to afford it.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2002 - 2019 Rubicon Communications, LLC | Privacy Policy