So, I’ve got 2 pfSense devices, one is a VM on my colocated server, one is on metal at home.
I recently set up an IPsec tunnel between them, it shows as up, but I can’t ping either side from each other. I don’t see anything fishy in the logs… I’ve verified the configuration is identical on both sides, and changing encryption settings doesn’t seem to do anything. They both have a firewall rule to pass any traffic on the IPsec interface.
It’s gonna sound silly to ask, but are they allowing ICMP traffic?
Sorry bud, I got nothing useful to suggest
That your tunnel is up is one point; what about your routing and firewall rules?
https://docs.netgate.com/pfsense/en/latest/vpn/ipsec/firewall-rules.html
https://docs.netgate.com/pfsense/en/latest/routing/index.html
Firewall rules on both sides are set to pass any and all traffic on IPsec.
I can’t add a static route because it requires a gateway, and IPsec doesn’t provide an interface to add as a gateway.
I don’t use IPsec, I’m still using OpenVPN at the moment, but I will change to WireGuard as soon as the plugin works with CARP, or at least test it to see if it brings advantages.
Here is the config for an IPsec interface:
https://docs.netgate.com/pfsense/en/latest/vpn/ipsec/routed-vti.html
Managed to figure it out. I now have a reliable site-to-site setup.
Now the question is, how do I get my mobile WireGuard clients to get connections over the IPsec tunnel? I’m not sure how to add a route between them…
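Two things in this thread come down to the same check when the tunnel is policy-based (the tunnel-mode setup with "pass on the IPsec interface" rules, not a routed VTI): a tunnel that is "up" but passes no pings, and WireGuard clients that cannot reach the far side. In policy-based IPsec there is no route to add; a packet enters the tunnel only if its source and destination fall inside one of the Phase 2 local/remote network pairs, and the peer must carry the mirror image of that pair for the reply. The script below is an added example, not from the thread or from pfSense; the addresses (colo LAN 10.10.0.0/24, home LAN 192.168.1.0/24, a WAN address 203.0.113.10, a WireGuard client subnet 10.20.0.0/24) and the helper names are all constructed. It models the Phase 2 lists of both firewalls and reports why a given packet and its reply would or would not be selected into the tunnel, including the case of a ping sourced from the firewall's WAN address rather than a LAN address, and it shows the Phase 2 entries both sides need before WireGuard clients can cross the tunnel.

```python
"""Check policy-based IPsec Phase 2 selectors against the traffic you expect to carry.

Constructed example, not pfSense code. Each side's Phase 2 list is a sequence of
(local_network, remote_network) pairs exactly as entered in the pfSense GUI.
"""
from ipaddress import ip_address, ip_network

# Constructed topology: colocated pfSense with LAN 10.10.0.0/24, home pfSense
# with LAN 192.168.1.0/24. These are assumed values, not from the thread.
COLO_LAN = "10.10.0.0/24"
HOME_LAN = "192.168.1.0/24"
COLO_P2 = [(COLO_LAN, HOME_LAN)]
HOME_P2 = [(HOME_LAN, COLO_LAN)]


def _net(n):
    return ip_network(n, strict=False)


def matching_selector(p2_entries, src, dst):
    """Return the (local, remote) Phase 2 entry whose selectors cover src -> dst, else None.

    Only traffic matching an entry is handed to the IPsec policy; everything else
    follows the normal routing table no matter how 'up' the IKE SA is.
    """
    s, d = ip_address(src), ip_address(dst)
    for local, remote in p2_entries:
        if s in _net(local) and d in _net(remote):
            return (local, remote)
    return None


def unmirrored(side_a, side_b):
    """Entries on side_a that side_b does not carry as the mirror image (remote, local)."""
    b_pairs = {(_net(l), _net(r)) for l, r in side_b}
    return [(l, r) for l, r in side_a if (_net(r), _net(l)) not in b_pairs]


def diagnose(src, dst, src_p2, dst_p2):
    """List selector problems for a packet src -> dst and its reply.

    src_p2 is the Phase 2 list of the firewall the packet leaves through, dst_p2
    that of the firewall it arrives at. An empty list means the selectors are fine
    and the cause lies elsewhere (firewall rules, host firewalls, NAT, ...).
    """
    findings = []
    if matching_selector(src_p2, src, dst) is None:
        findings.append(f"sending side: no Phase 2 entry covers {src} -> {dst}")
    if matching_selector(dst_p2, dst, src) is None:
        findings.append(f"receiving side: no Phase 2 entry covers the reply {dst} -> {src}")
    for l, r in unmirrored(src_p2, dst_p2) + unmirrored(dst_p2, src_p2):
        findings.append(f"entry local={l} remote={r} has no mirror image on the peer")
    return findings


def with_extra_home_subnet(colo_p2, home_p2, extra_subnet, colo_lan=COLO_LAN):
    """Return both Phase 2 lists extended so a further home-side subnet (for
    example the WireGuard client range) is selected into the tunnel toward colo_lan.
    Both sides must change: the home side adds (extra, colo) and the colo side
    adds the mirror (colo, extra)."""
    return (colo_p2 + [(colo_lan, extra_subnet)],
            home_p2 + [(extra_subnet, colo_lan)])


if __name__ == "__main__":
    # 1. LAN host to LAN host: selectors match, so a failure is not a Phase 2 problem.
    print(diagnose("10.10.0.5", "192.168.1.10", COLO_P2, HOME_P2))
    # 2. Ping sourced from the colo firewall's WAN address (constructed 203.0.113.10):
    #    nothing selects it, so the packet never enters the tunnel.
    print(diagnose("203.0.113.10", "192.168.1.10", COLO_P2, HOME_P2))
    # 3. WireGuard client (constructed 10.20.0.0/24 on the home side) before and
    #    after both Phase 2 lists are extended.
    print(diagnose("10.20.0.2", "10.10.0.5", HOME_P2, COLO_P2))
    colo2, home2 = with_extra_home_subnet(COLO_P2, HOME_P2, "10.20.0.0/24")
    print(diagnose("10.20.0.2", "10.10.0.5", home2, colo2))
```

Case 2 is why a ping from the pfSense Diagnostics page can fail while LAN hosts work: choose the LAN interface as the ping source so the packet carries a LAN address. Case 3 is the WireGuard question for a policy-based tunnel: the client subnet has to appear as an extra Phase 2 network on the home side and as a mirrored remote network on the colo side, and the colo firewall rules on the IPsec interface must then allow it. If the site-to-site ended up as a routed VTI instead, the equivalent fix is an ordinary static route for the WireGuard subnet via the VTI gateway on the colo side, which this selector check does not model.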