I fixed it with: http://phil.lavin.me.uk/2013/04/how-to-disable-icmp-redirects-in-pfsense/
Frank -----Original Message----- From: List [mailto:list-boun...@lists.pfsense.org] On Behalf Of Bryan D. Sent: August 8, 2016 3:37 AM To: pfSense Support and Discussion Mailing List <list@lists.pfsense.org> Subject: Re: [pfSense] Route Issue over Ipsec > Good day, > > I have an issue routing related.. > > I found that page: > https://doc.pfsense.org/index.php/Why_can%27t_I_query_SNMP%2C_use_syslog%2C_NTP%2C_or_other_services_initiated_by_the_firewall_itself_over_IPsec_VPN%3F > > It represent exactly what I'm having as issue.. > > I did exactly that.. but, as soon I do it, I get the following: > <snip'd> On 2016-Aug-06, at 8:28 AM, Francois Roussy <franc...@gestionfr.com> wrote: Don't know about Android issues, but "5. Routing OpenVPN through IPSec VPN on pfSense" on https://www.derman.com/blogs/IPSec-VPN-Firewall-Setup explains how we get routing across multiple site-to-site IPsec tunnels. This seems to work for LAN or VPN client connections to VPN-remote LANs via tcp/udp (subject to firewall rules) -- i.e., a mobile VPN client (IPsec or OpenVPN) can access LANs connected to pfSense via other IPsec VPN tunnels, including services such as SNMP on local and remote pfSense boxes ... which is what I guessed you were attempting to do. Don't know whether there's an easier way to accomplish it. The static route strategy used to work for us in 1.x versions of pfSense, but I couldn't get it to work with 2.x so I had assumed it was no longer applicable. If that's actually true, then someone should update the doc page. _______________________________________________ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold _______________________________________________ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold
