On Tue, Sep 22, 2009 at 12:32 PM, Evgeny Yurchenko <[email protected]> wrote:
> I know it looks stupid, but...
> 1.2.3-RC1
> LAN=10.29.1.19/24
> WAN(PPPoE)=x.x.x.106
>
> remote LAN=10.29.11.1/24
> remote WAN=x.x.x.225
> Tunnel is up.
>
> When I do from pfSense itself ping -S 10.29.1.19 10.29.11.1 everything goes
> well, ESP packets and ping reply.
> When I do ping 10.29.11.1 from 10.29.1.34 connected to LAN traffic goes
> NATed out of WAN:
> 18:51:33.862273 IP x.x.x.106 > 10.29.11.1: ICMP echo request, id 22499, seq 57389, length 40
>
> 10.29.1.0/24[any] 10.29.1.19[any] any
> in none
> spid=45 seq=3 pid=4536
> refcnt=1
> 10.29.11.0/24[any] 10.29.1.0/24[any] any
> in ipsec
> esp/tunnel/x.x.x.225-x.x.x.106/unique#16418
> spid=48 seq=2 pid=4536
> refcnt=1
> 10.29.1.19[any] 10.29.1.0/24[any] any
> out none
> spid=46 seq=1 pid=4536
> refcnt=1
> 10.29.1.0/24[any] 10.29.11.0/24[any] any
> out ipsec
> esp/tunnel/x.x.x.106-x.x.x.225/unique#16417
> spid=47 seq=0 pid=4536
> refcnt=1
>
> Pleeease any hint -(
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [email protected]
> For additional commands, e-mail: [email protected]
>
> Commercial support available - https://portal.pfsense.org
>
That is normal. Traffic on the firewall itself prefers the system routing table. Clients behind the firewall will prefer the IPSEC tunnel. Pretty sure that is documented somewhere on the doc site.

Scott
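
As an added example (not part of the original thread): a small Python check that parses the SPD entries quoted above and reports which policy a given source/destination pair selects. The address 203.0.113.106 is a constructed stand-in for the masked WAN address x.x.x.106 in the tcpdump line, and the function names are hypothetical.

```python
import ipaddress
import re

# SPD entries as quoted in the thread (refcnt lines omitted; WAN addresses masked there).
SPD_DUMP = """\
10.29.1.0/24[any] 10.29.1.19[any] any
in none
spid=45 seq=3 pid=4536
10.29.11.0/24[any] 10.29.1.0/24[any] any
in ipsec
esp/tunnel/x.x.x.225-x.x.x.106/unique#16418
spid=48 seq=2 pid=4536
10.29.1.19[any] 10.29.1.0/24[any] any
out none
spid=46 seq=1 pid=4536
10.29.1.0/24[any] 10.29.11.0/24[any] any
out ipsec
esp/tunnel/x.x.x.106-x.x.x.225/unique#16417
spid=47 seq=0 pid=4536
"""
WAN_PLACEHOLDER = "203.0.113.106"  # constructed stand-in for the masked x.x.x.106
SELECTOR = re.compile(r"^(\S+)\[any\]\s+(\S+)\[any\]\s+any$")

def parse_spd(dump):
    """Parse the dump into dicts with src, dst, direction, action and spid."""
    policies = []
    for line in dump.splitlines():
        parts = line.split()
        if (m := SELECTOR.match(line.strip())):  # selector line opens a new entry
            policies.append({"src": ipaddress.ip_network(m.group(1), strict=False),
                             "dst": ipaddress.ip_network(m.group(2), strict=False)})
        elif policies and len(parts) == 2 and parts[0] in ("in", "out"):
            policies[-1]["direction"], policies[-1]["action"] = parts
        elif policies and parts and parts[0].startswith("spid="):
            policies[-1]["spid"] = int(parts[0].split("=", 1)[1])
    return policies

def classify(policies, src, dst, direction="out"):
    """Policy whose selectors contain src and dst (same-direction ones do not overlap here)."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for p in policies:
        if p.get("direction") == direction and src in p["src"] and dst in p["dst"]:
            return f"{p['action']} spid={p['spid']}"
    return "no SPD match"

if __name__ == "__main__":
    spd = parse_spd(SPD_DUMP)
    for source in ("10.29.1.19", "10.29.1.34", WAN_PLACEHOLDER):
        print(source, "-> 10.29.11.1:", classify(spd, source, "10.29.11.1"))
```

A packet whose source is still a LAN address selects the `out ipsec` policy, while one carrying the WAN address, as in the tcpdump line, matches no selector.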
