I'm trying to find a solution and know there are quite a few pfSense users here, so here goes...
We've set up some IPsec tunnels and they connect. The Phase 2 also "comes up", but we can't reach the hosts specified in the Phase 2 "remote network".

One instance (to keep it simpler):

WAN gateway: x.x.x.x (primary firewall interface)
Phase 1: Interface: Virtual IP a.a.a.a
Phase 2: Local address: address c.c.c.c
Local NAT translation: address a.a.a.a
Remote address: r.r.r.r (a public IP)

When Phase 1 and 2 are up and connected, I see no route for r.r.r.r in the routing table. Doing a traceroute from c.c.c.c, I get traffic leaving the network via x.x.x.x, not via a.a.a.a. This could be because x.x.x.x is just a virtual address though, or what?

In the firewall log I see:

Feb 8 18:07:40 IPsec a.a.a.a:57914 r.r.r.r:12345 TCP:S

So traffic is being allowed via IPsec from a.a.a.a to r.r.r.r, but I'm not getting any response from the remote. What is going on here? Should there be a route to r.r.r.r in the routing table, or does pfSense hide some mechanics of the ports and routes from me?

Thanks
Roland
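An added illustration, not part of the thread, of why a working Phase 2 shows no route: policy-based IPsec (what pfSense's strongSwan setup installs) selects the tunnel by a kernel SPD lookup on the NAT-translated source and the remote selector, so a matching flow never appears in the routing table. The addresses, the 1:1 NAT table and the single SPD entry below are constructed stand-ins for the post's placeholders.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class SpdPolicy:
    """One outbound tunnel-mode policy, the kind a Phase 2 entry installs in the kernel SPD."""
    src: ipaddress.IPv4Network   # local traffic selector, as seen AFTER any NAT translation
    dst: ipaddress.IPv4Network   # remote traffic selector (the Phase 2 "remote network")
    peer: str                    # outer tunnel endpoint, i.e. the Phase 1 peer


def binat(src: str, table: dict) -> str:
    """Apply a Phase 2 'Local NAT translation' (1:1 mapping); unmapped hosts keep their address."""
    return table.get(src, src)


def select_path(src: str, dst: str, spd: list, nat_table: dict):
    """Return ('ipsec', policy) when the translated flow matches an SPD entry, else ('route', None).

    The routing table is not consulted for the IPsec decision: policy-based IPsec
    matches packets against selectors, so a matching tunnel is never listed as a route."""
    nat_src = ipaddress.IPv4Address(binat(src, nat_table))
    dst_ip = ipaddress.IPv4Address(dst)
    for policy in spd:
        if nat_src in policy.src and dst_ip in policy.dst:
            return ("ipsec", policy)
    return ("route", None)


# Constructed stand-ins for the post's placeholders (documentation ranges, not real hosts):
LOCAL_HOST = "10.0.0.5"        # c.c.c.c, the Phase 2 local address
VIP = "198.51.100.10"          # a.a.a.a, the Phase 1 virtual IP used as the NAT address
REMOTE_HOST = "203.0.113.7"    # r.r.r.r, the Phase 2 remote address
PEER = "203.0.113.1"           # remote IPsec gateway (constructed)

NAT_TABLE = {LOCAL_HOST: VIP}
SPD = [SpdPolicy(ipaddress.ip_network(VIP + "/32"),
                 ipaddress.ip_network(REMOTE_HOST + "/32"), PEER)]

if __name__ == "__main__":
    # A host outside the NAT table, or a destination outside the selector, falls through
    # to the default route (the x.x.x.x gateway in the post) instead of the tunnel.
    for s, d in [(LOCAL_HOST, REMOTE_HOST), ("10.0.0.6", REMOTE_HOST), (LOCAL_HOST, "192.0.2.9")]:
        how, pol = select_path(s, d, SPD, NAT_TABLE)
        print(f"{s} -> {d}: {how}" + (f" via peer {pol.peer}" if pol else " (default route)"))
```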
