On Tue, Sep 22, 2009 at 11:10 PM, Evgeny Yurchenko <[email protected]> wrote:
>
> I can not ping 10.29.11.1 or 10.29.11.2 from any host connected to LAN
> pfSense1. Traffic does not go over IPSec but instead natted and goes to
> Internet.
> On WAN (ng0):
> 20:29:13.951253 IP x.x.x.106 > 10.29.11.1: ICMP echo request, id 1781, seq 6706, length 40
> 20:29:19.451065 IP x.x.x.106 > 10.29.11.1: ICMP echo request, id 1781, seq 6962, length 40
> 20:29:24.950912 IP x.x.x.106 > 10.29.11.1: ICMP echo request, id 1781, seq 7218, length 40
>
> Can anybody explain this?

If it's initiated from the firewall, and initiated from a source IP that's part of the IPsec connection, it will traverse the IPsec. If you don't tell it where to initiate, and you don't have the static route described in the aforementioned FAQ, it will follow the system routing table which generally means it won't go over IPsec.
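
The behaviour described in the reply, as an added example that is not part of the original thread: a packet is handed to IPsec only when both its source and destination fall inside a tunnel's local/remote networks, and a cleartext packet seen on the WAN with a tunnel-remote destination has bypassed the tunnel. The local network 192.168.1.0/24, the /24 remote mask, the addresses 192.168.1.1 and 203.0.113.106, and the capture lines are constructed assumptions; only 10.29.11.1 comes from the thread.

```python
import ipaddress
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Selector:
    """One tunnel's traffic selector: local network -> remote network."""
    local: ipaddress.IPv4Network
    remote: ipaddress.IPv4Network


# Constructed values (assumptions, not taken from the thread's configuration).
SELECTORS = [Selector(ipaddress.ip_network("192.168.1.0/24"),
                      ipaddress.ip_network("10.29.11.0/24"))]
LAN_IP = "192.168.1.1"      # firewall's LAN address, inside the local network
WAN_IP = "203.0.113.106"    # firewall's WAN address, outside the local network


def egress_path(src, dst, selectors=SELECTORS):
    """Return 'ipsec' if (src, dst) matches a selector, else 'routing-table'."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    if any(s in sel.local and d in sel.remote for sel in selectors):
        return "ipsec"
    return "routing-table"


# Matches tcpdump's one-line ICMP summary: "IP <src> > <dst>: ICMP ..."
ICMP_LINE = re.compile(r"\bIP (\d+\.\d+\.\d+\.\d+) > (\d+\.\d+\.\d+\.\d+): ICMP")


def leaked(wan_capture, selectors=SELECTORS):
    """List (src, dst) of cleartext WAN packets addressed to a tunnel's remote network."""
    hits = []
    for line in wan_capture:
        m = ICMP_LINE.search(line)
        if m and any(ipaddress.ip_address(m.group(2)) in sel.remote for sel in selectors):
            hits.append(m.groups())
    return hits


# Constructed capture lines in the format quoted in the thread.
SAMPLE = [
    "20:29:13.951253 IP 203.0.113.106 > 10.29.11.1: ICMP echo request, id 1781, seq 6706, length 40",
    "20:29:14.100000 IP 203.0.113.106 > 198.51.100.7: ICMP echo request, id 1782, seq 1, length 40",
]

if __name__ == "__main__":
    print("from WAN address:", egress_path(WAN_IP, "10.29.11.1"))
    print("from LAN address:", egress_path(LAN_IP, "10.29.11.1"))
    print("cleartext toward tunnel remote:", leaked(SAMPLE))
```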
