On 22/09/09 17:36, Scott Ullrich wrote:
> That is normal. Traffic on the firewall itself prefers the system
> routing table. Clients behind the firewall will prefer the IPSEC
> tunnel. Pretty sure that is documented somewhere on the doc site.
>
If you want connections initiated by the firewall to go over the IPSEC tunnel you have to add a static route to the remote LAN via the local LAN IP. E.g. if the remote network is 10.20.30/24 and the LAN is 10.10.10.1, the static route looks like this...

INTERFACE   NETWORK          GATEWAY
LAN         10.20.30.0/24    10.10.10.1

However, the OP's problem seems to be a different one, so I think he has the wrong associations? Might need to restart IPSEC on each end to be sure.

I have found it very useful to create an OpenVPN tunnel on remote firewalls but without routing (so that it's "private" between the two end-points), so that if the IPSEC tunnel goes wonky you can always ssh in and port forward to fix things!

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
Commercial support available - https://portal.pfsense.org
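Added illustration (editor's example, not code from the list post or from pfSense): the reply above says firewall-originated traffic follows the system routing table while LAN clients get the IPsec tunnel, and that a static route to the remote LAN via the local LAN IP fixes the firewall's own traffic. The small model below shows why the route helps: a longest-prefix-match lookup picks the outgoing interface, and the interface address becomes the packet's source; only a source inside the local phase 2 subnet matches the tunnel's selector (10.10.10.0/24 <-> 10.20.30.0/24). The WAN address 203.0.113.5, upstream gateway 203.0.113.1, and client 10.10.10.50 are assumed values; only 10.20.30.0/24 and 10.10.10.1 come from the post.

```python
import ipaddress

# Constructed model (not from the mailing-list post or pfSense source) of how a
# host chooses the route, and so the source address, for traffic it originates,
# and whether that traffic then matches an IPsec phase 2 selector.
WAN_IP = ipaddress.ip_address("203.0.113.5")    # assumed WAN address (TEST-NET-3)
WAN_GW = ipaddress.ip_address("203.0.113.1")    # assumed upstream gateway
LAN_IP = ipaddress.ip_address("10.10.10.1")     # LAN address from the post

# Routing table: (destination network, interface, address used as source).
BASE_ROUTES = [
    (ipaddress.ip_network("0.0.0.0/0"), "WAN", WAN_IP),          # default via WAN_GW
    (ipaddress.ip_network("203.0.113.0/24"), "WAN", WAN_IP),     # connected WAN net
    (ipaddress.ip_network("10.10.10.0/24"), "LAN", LAN_IP),      # connected LAN net
]

# The static route from the post: remote LAN reachable via the LAN interface/IP.
STATIC_ROUTE = (ipaddress.ip_network("10.20.30.0/24"), "LAN", LAN_IP)

# IPsec phase 2 selector: local LAN <-> remote LAN (remote subnet from the post).
P2_LOCAL = ipaddress.ip_network("10.10.10.0/24")
P2_REMOTE = ipaddress.ip_network("10.20.30.0/24")


def lookup(routes, dst):
    """Longest-prefix match; returns (interface, source address) for dst."""
    dst = ipaddress.ip_address(dst)
    best = None
    for net, iface, src in routes:
        if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, iface, src)
    if best is None:
        raise LookupError(f"no route to {dst}")
    return best[1], best[2]


def matches_p2(src, dst):
    """True when a src->dst packet falls inside the phase 2 selector."""
    return (ipaddress.ip_address(src) in P2_LOCAL
            and ipaddress.ip_address(dst) in P2_REMOTE)


def firewall_originated(dst, with_static_route):
    """Traffic the firewall itself starts: routing table decides the source."""
    routes = BASE_ROUTES + ([STATIC_ROUTE] if with_static_route else [])
    iface, src = lookup(routes, dst)
    return {"iface": iface, "src": str(src), "ipsec": matches_p2(src, dst)}


def lan_client_originated(dst, client="10.10.10.50"):
    """A client behind the firewall already carries a LAN source address,
    so the selector matches whatever the firewall's own routing table says."""
    return {"src": client, "ipsec": matches_p2(client, dst)}


if __name__ == "__main__":
    target = "10.20.30.7"  # assumed host on the remote LAN
    print("firewall, no static route :", firewall_originated(target, False))
    print("firewall, with static route:", firewall_originated(target, True))
    print("LAN client                 :", lan_client_originated(target))
```

Without the static route the firewall's packet to the remote LAN leaves via the default route with the WAN address as source, which the selector does not cover, so it is never encrypted; with the route it leaves with 10.10.10.1 as source and matches, which is the behaviour the reply describes.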
