Re: [pfSense] IPSec not routing traffic over tunnel

2018-02-12 Thread Roland Giesler
On 10 February 2018 at 11:11, Chris L wrote: > > > On Feb 9, 2018, at 5:25 AM, Mark Wiater > wrote: > > > > In my experience, one does not see routes in the routing table for IPSEC > based routes. > > > > IPSEC tunneling, I believe, happens before any

Re: [pfSense] IPSec not routing traffic over tunnel

2018-02-10 Thread Chris L
> On Feb 9, 2018, at 5:25 AM, Mark Wiater wrote: > > > > On 2/9/2018 6:42 AM, Roland Giesler wrote: >> Ok, I'll try again with real (fake) addresses to make it better understood. >> >> WAN gateway: 197.212.127.194 (primary firewall interface), next hop >> gateway

Re: [pfSense] IPSec not routing traffic over tunnel

2018-02-09 Thread Roland Giesler
The issue has been resolved. I was using IP addresses that were in my list of virtual IP addresses as well. After removing them from the virtual list it works like a charm! On 9 February 2018 at 15:25, Mark Wiater wrote: > > > On 2/9/2018 6:42 AM, Roland Giesler

Re: [pfSense] IPSec not routing traffic over tunnel

2018-02-09 Thread Mark Wiater
On 2/9/2018 6:42 AM, Roland Giesler wrote: Ok, I'll try again with real (fake) addresses to make it better understood. WAN gateway: 197.212.127.194 (primary firewall interface), next hop gateway 197.212.127.193 Phase1: Interface: Virtual IP 41.22.123.70 Phase2: Local address: address

Re: [pfSense] IPSec not routing traffic over tunnel

2018-02-09 Thread Eero Volotinen
I am sorry, but I cannot help. You can get commercial support from NetGate. -- Eero On Fri, Feb 9, 2018 at 1:42 PM, Roland Giesler wrote: > Ok, I'll try again with real (fake) addresses to make it better understood. > > WAN gateway: 197.212.127.194 (primary

Re: [pfSense] IPSec not routing traffic over tunnel

2018-02-09 Thread Roland Giesler
Ok, I'll try again with real (fake) addresses to make it better understood. WAN gateway: 197.212.127.194 (primary firewall interface), next hop gateway 197.212.127.193 Phase1: Interface: Virtual IP 41.22.123.70 Phase2: Local address: address 192.168.110.130 Local NAT translation: address

Re: [pfSense] IPSec not routing traffic over tunnel

2018-02-08 Thread Eero Volotinen
Well. Maybe you need to hire a pfSense consultant with an NDA, so you can unmask the needed information. Usually there is no need to NAT in IPsec, as you can tunnel a private network/IP address too and limit access with firewall rules. Eero On Thu, Feb 8, 2018 at 9:42 PM, Roland Giesler

Re: [pfSense] IPSec not routing traffic over tunnel

2018-02-08 Thread Roland Giesler
On 8 February 2018 at 20:40, Eero Volotinen wrote: > how about not masking ip addresses? > I'm not allowed to show the IP addresses (by my client), hence the masking... I thought I need NAT, but I also testing simply added the virtual IP, a.a.a.a as the address, but it

Re: [pfSense] IPSec not routing traffic over tunnel

2018-02-08 Thread Eero Volotinen
How about not masking IP addresses? Do you really need NAT in phase 2? Why? Eero On 8.2.2018 18.17, "Roland Giesler" wrote: > I'm trying to find a solution and know there are quite a few pfSense users > here, so here goes... > > We've set up some IPSec tunnels and

[pfSense] IPSec not routing traffic over tunnel

2018-02-08 Thread Roland Giesler
I'm trying to find a solution and know there are quite a few pfSense users here, so here goes... We've set up some IPSec tunnels and they connect. The Phase2 also "comes up", but we can't reach the hosts specified in the Phase2 "remote network". One instance (to keep it simpler): WAN gateway: