On Tue, Sep 22, 2009 at 6:36 PM, Evgeny Yurchenko <[email protected]> wrote:
> Paul Mansfield wrote:
>> On 22/09/09 17:36, Scott Ullrich wrote:
>>> That is normal. Traffic on the firewall itself prefers the system
>>> routing table. Clients behind the firewall will prefer the IPSEC
>>> tunnel. Pretty sure that is documented somewhere on the doc site.
>>
>> if you want connections initiated by the firewall to go over the IPSEC
>> tunnel you have to add a static route to the remote LAN via the local
>> LAN IP.
>>
>> e.g. if remote network is 10.20.30/24 and lan is 10.10.10.1 the static
>> route looks like this...
>>
>> INTERFACE   NETWORK         GATEWAY
>> LAN         10.20.30.0/24   10.10.10.1
>
> Sorry, it does not make much sense to me. You can have this route but it
> will never work.

Yes it does. It's in the FAQ.

http://doc.pfsense.org/index.php/Why_can%27t_I_query_SNMP%2C_use_syslog%2C_NTP%2C_or_other_services_initiated_by_the_firewall_itself_over_IPsec_VPN%3F
