Author Topic: Ping problem on Ipsec  (Read 924 times)

johnatemps
Ping problem on Ipsec
« on: June 08, 2012, 02:25:26 am »
Hi all,

Sorry beforehand for my very bad English :D...

I discovered IPsec yesterday, so sorry if I don't always use the exact terms.

So here is my problem. I configured an IPsec server on pfSense without problems.

I run the client and the IPsec connection goes well.


Here is the network diagram:

VPN client: 10.110.1.0/24 ---------- ---------- Internet WAN (PPPoE): 109.111.222.333 - pfsense - LAN: 10.10.1.201/24 - ------- Lan: 10.10.1.0/24


The problem is that when I'm connected to VPN 10.110.1.0 I cannot ping remote computers in 10.10.1.0.

I started a ping from 10.10.1.1 to 10.110.1.3. I ran Wireshark on the machine 10.10.1.1 and the ping arrives fine. But the return does not pass as well.
The traceroute of 10.110.1.3 on 10.10.1.1 shows me that after 10.10.1.201 the packets are lost.

Quote
1    <1 ms    <1 ms    <1 ms  10.10.1.201
 2     *        *        *     Délai d'attente de la demande dépassé.
 3     *        *        *     Délai d'attente de la demande dépassé.

Have you any idea?

Thanks

mauirixxx
Re: Ping problem on Ipsec
« Reply #1 on: June 29, 2012, 04:27:36 pm »
While I'm REALLY new to pfSense (like 4 days old haha), I had a similar problem over my IPsec VPN. I could ping from the remote office to the main office, but not the other way around.

I ended up going to Firewall -> Rules -> IPsec @ the remote office, and made an "any" rule (any protocol, source, port, destination, gateway). Once I did that, I could ping and traceroute both ways across the link.

Basically, you have to treat the IPsec tunnel as any other network adapter it seems. Hope this helps.
--mauirixxx

Running pfSense v2.1, virtualized in ESXi v5.1