Okay. Found the mistake I made. Whenever you put IPSEC tunnels on an OPT interface, you must SPECIFY the gateway in your firewall rules definitions. The "default" gateway means system default in this case.
On 10/21/07, Gabriel Green <[EMAIL PROTECTED]> wrote:
>
> Hello all,
>
> For the past couple weeks as I did not have time to keep toying with the
> issue, I maintained two WAN/LAN pfSense boxes--one for termination from an
> SDSL line and one from a T1. This weekend, I had time and was certain it
> was possible, I'm just missing something.
>
> For your reference, please see http://www.offramp.org/~ggreen/ where I
> have posted a diagram.
>
> See, I have 5 NICs in the pfSense box (and two interfaces I am not using
> presently), LAN, WAN (T1) and OPT1 (SDSL-WAN). IPSEC works beautifully if
> it terminates on WAN, but if it terminates on OPT1 I can never seem to get
> over to the LAN or back! The SA shows up and everything, I've tried every
> permissive firewall rule I can think of, but it just *works* from WAN, not
> from an OPT.
>
> I am going to try a snapshot tonight as a last ditch effort; it looks like
> one was updated today. Or maybe I am misunderstood in that it's always that
> way.
>
> We'll see shortly...
>
> Gabe
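The gateway point from the reply above, shown as a hand-written pf.conf fragment. This is an added illustration, not the poster's configuration and not the ruleset pfSense generates from its GUI; the interface name, gateway address and subnets are assumed values. The mechanism is pf's reply-to option: without it, the firewall's own IKE and ESP replies (and return traffic for the tunnel) follow the routing table's default route, which here points at the T1 on WAN rather than the SDSL line on OPT1, so the far end sees an asymmetric path. Pinning the reply path to the OPT1 gateway is what "specify the gateway" in the rule editor achieves.

```pf
# Added example: illustrative pf.conf for IPsec terminating on a second WAN (OPT1).
# All names and addresses below are assumed placeholders, not from the thread.
opt1       = "sis1"            # assumed: SDSL-facing OPT1 interface
opt1_gw    = "203.0.113.1"     # assumed: SDSL provider's next hop (documentation range)
lan_net    = "192.168.1.0/24"  # assumed: local LAN behind pfSense
remote_net = "192.168.2.0/24"  # assumed: LAN on the far side of the tunnel

# Problem form (commented out): replies to IKE/ESP that arrived on OPT1 are
# routed by the system default route, i.e. out the T1 on WAN.
# pass in on $opt1 proto udp from any to ($opt1) port { 500, 4500 }
# pass in on $opt1 proto esp from any to ($opt1)

# Fixed form: reply-to records the OPT1 gateway in the state, so every packet
# answering this state leaves via OPT1 regardless of the routing table.
pass in on $opt1 reply-to ($opt1 $opt1_gw) proto udp from any to ($opt1) port { 500, 4500 }
pass in on $opt1 reply-to ($opt1 $opt1_gw) proto esp from any to ($opt1)

# Decapsulated tunnel traffic between the two LANs; the enc0 interface is
# where pf sees IPsec payload after decryption on FreeBSD-based systems.
pass in  on enc0 from $remote_net to $lan_net
pass out on enc0 from $lan_net to $remote_net
```

To check which path a state is actually using after loading such rules, `pfctl -vvsr` prints the loaded rules with their route options, and `pfctl -ss` lists live states; a state for the peer's IKE traffic should exist on the OPT1 interface, and if the return packets still show up on the WAN side in a packet capture, the gateway was not attached to the rule that created the state.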
