As the title says, I have an IPsec site-to-site VPN up (can be seen from menu Status -> IPsec), but am unable to ping hosts on either side.

LOCAL LAN LOCAL pfSense Cisco router INTERNET A router REMOTE pfSense REMOTE LAN

From local host 10.6.0.7/16, I'm trying to ping remote host 192.168.6.105/24, and vice-versa.

1. I have "Allow" rules on all tabs (LAN & IPsec) for these 2 subnets.
2. There's no rule in "Advanced Outbound NAT" page.
3. I did the following 2 tests and made packet captures on both sides:

Results of packet capture on LAN & IPsec interfaces of both pfSense firewalls:

1. Local LAN: 4 ICMP requests from 10.6.0.7 to remote host 192.168.6.105, No ICMP reply
2. Local IPsec: 4 ICMP requests from 10.6.0.7 to remote host 192.168.6.105, No ICMP reply

Remote LAN: 4 ICMP requests from host 192.168.6.105 to host 10.6.0.7, No ICMP reply
2. Remote IPsec: 4 ICMP requests from host 192.168.6.105 to host 10.6.0.7, No ICMP reply
3. Local IPsec: 4 ICMP requests from remote host 192.168.6.105 to local host 10.6.0.7, 4 ICMP replies from local host 10.6.0.7 to remote host 192.168.6.105

It seems the packets originating from the local LAN, after going into the IPsec tunnel, do not arrive at the remote LAN. However, packets originating from the remote LAN, arrive at the local LAN without any issue. The reply packets from the local host do not reach the remote host.

Anyone has any idea what the cause of the problem could be? This is very very strange or there's something too obvious that I can see!

Currently, the IPsec VPN tunnel endpoints are the 2 pfSense firewalls.

1. I moved the local IPsec tunnel endpoint to the local Cisco router and ran the same tests: similar results. I configured an access list on the LAN interface of the router to log the test traffic originating from the local host: no test packet seems to reach the LAN interface of the router. When I ping the local host from the remote host, the reply ICMP packets go through the local pfSense WAN interface towards the router, but no such packet is logged on the LAN interface of the router.
2. I configured another local pfSense box almost the same as the first one and set it up as the local tunnel endpoint: again similar results. When I ping from the local host, the ICMP packets arrive on the local LAN interface of the 2nd pfSense box, enter the IPsec tunnel, but none seems to come out at the remote end. When I ping the local host from the remote host, the reply ICMP packets arrive on the second local pfSense LAN interface, but again none seems to come out at the remote end.

Could the problem be with the remote pfSense?

Jan 14 20:01:21 racoon: : INFO: IPsec-SA request for X.Y.45.57 queued due to no phase1 found.