Im running the same issue. were you able to troubleshoot it?
2016-05-20 15:44 GMT-03:00 Olivier Mueller <om-lists-pfse...@omx.ch>: > Hello, bonjour, > > I have some "Simple" IPv4 tunnels (IKEv1) to customers here, 3 are > already running. Our LAN: 192.168.1.0/24, WAN IP address 80.254.x.y. > > Already working tunnels are having a Phase 2 setup similar to: > - Local Network: LAN Subnet > NAT/BINAT: Type Network, Address 192.168.10.0/24 > - Remote Network: Type Network , Address 10.116.0.0/16 > > I now have to add a new tunnel, but this time and for the first time the > Remote Network Address is using public IP ranges. Current phase 2 setup: > - Local Network: WAN Subnet - no NAT/BINAT > - Remote Network: Type Network, Address 159.16x.y.z/30 > > IPSEC connection status for Phase 1 and Phase 2 are fine, everything > works as planed when testing from the router itself (when connected via > ssh to the pfsense system, I can ping one remote target IP as > 159.16x.y.7). But the only issue is that I cannot access the target > range 159.16x.y.z/30 from our LAN (192.168.1.0/24). > > I tried changing the phase 2 settings, but with anything else the tunnel > will not work. And if I set "LAN subnet" as NAT/BINAT network, it > seems to be ignored and will not be saved. > I also thought about adding a static route, but it's not possible to > select an tunnel as a gateway, so is it the right place to do this ? > > So how could I route these packets to 159.16x.y.z/30 over the tunnel > instead as directly over our gateway ? > > Any hint would be very welcome as I am not very experienced with ipsec > topics. Merci & kind regards, Olivier > > > PS: I originally posted this in the forum under > https://forum.pfsense.org/index.php?topic=111512.0, so of course I will > repost any update/solution there too, sorry for any inconvenience. > > _______________________________________________ > pfSense mailing list > https://lists.pfsense.org/mailman/listinfo/list > Support the project with Gold! https://pfsense.org/gold > _______________________________________________ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold
