Hello,
I set up a VPN in client-server mode. I used three virtual machines (client / gateway / VPN) on the same physical host to design the config files pf.conf and iked.conf. In the VMs, everything works as expected with this simple architecture:

Client--(clear)--Gateway--(encrypted traffic)--VPN--(clear)--Internet

But when I push the config files to the physical hosts gateway and VPN (changing only the interface names, host FQDNs and IP addresses), I get a very strange behavior: the traffic is one way only! After checking what happens (with tcpdump / pfctl and ipsecctl), this is what I see:

- the tunnel is created by IKED between gateway and VPN,
- the traffic from the client is encrypted by the gateway and sent into the tunnel,
- the traffic is received and decrypted by VPN,
- VPN sends the traffic to the Internet (with NAT),
- VPN receives the answer from the Internet,
- the answer is not forwarded back to the client.

Any clue on the source of this problem?

Thanks in advance.
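For reference, below is a minimal pf.conf for the role the VPN host plays in the architecture above (terminating the IPsec tunnel and NATing the client traffic to the Internet). It is an added example and not the poster's configuration; the interface name, the client subnet and the rule layout are assumptions. On OpenBSD, traffic that has been decrypted by the kernel (and traffic about to be encrypted) is presented to pf on the enc0 interface, so the return path from the Internet needs a pass rule on enc0 as well as the usual state on the external interface; this is the part worth checking with pfctl -ss and tcpdump -ni enc0 when only one direction works.

```pf
# /etc/pf.conf on the VPN host (example; names and addresses are assumed)
ext_if     = "em0"            # assumed Internet-facing interface
client_net = "10.0.0.0/24"    # assumed client LAN behind the gateway

set skip on lo

# Default deny, log blocked packets so tcpdump -ni pflog0 shows drops
block log all

# IKEv2 negotiation (UDP 500 / 4500) and ESP from the peer gateway
pass in on $ext_if proto udp from any to ($ext_if) port { isakmp, ipsec-nat-t }
pass in on $ext_if proto esp from any to ($ext_if)

# Decrypted traffic arriving from the tunnel, and reply traffic about to be
# encrypted, both traverse enc0. Without a rule here the replies from the
# Internet are silently blocked on their way back into the tunnel.
pass on enc0

# NAT the client subnet out to the Internet; the state created here also
# un-NATs the replies coming back in on $ext_if.
match out on $ext_if from $client_net to any nat-to ($ext_if)
pass out on $ext_if from ($ext_if) to any
pass out on $ext_if from $client_net to any

# Management access to the VPN host itself
pass out on $ext_if proto { tcp udp icmp } from ($ext_if) to any
```

The host must also forward packets (sysctl net.inet.ip.forwarding=1) for the NAT leg to work at all; with forwarding enabled and `pass on enc0` missing, the symptom is exactly a tunnel that carries traffic in one direction only.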

