On 08/18/2011 04:33 PM, Jim Pingle wrote:
> On 8/18/2011 10:29 AM, Fabien Bagard wrote:
>> [...]
>> From the network beyond the PFSense, I can't ping machines beyond the
>> IPCop.
>> [...]
>> What gives me trouble is:
>> * IPCop side, I have an ipsec interface, with an IP address and route
>> to the other side of the IPSec tunnel
>> * PFSense side I have an enc0 interface, without IP address and no
>> trace of a route in the routing tables to the IPCop side:
>
> There is no route for IPsec on FreeBSD. That's just how IPsec works.
> If traffic matches the phase 2 for the tunnel, it goes on the tunnel.
> Your problem may be elsewhere (firewall rules, etc) - some packet
> captures should show you how the traffic is (or isn't) flowing.
>
> Jim
---------------------------------------------------------------------
To unsubscribe, e-mail: support-unsubscr...@pfsense.com
For additional commands, e-mail: support-h...@pfsense.com
Commercial support available - https://portal.pfsense.org
Thanks a lot for your fast reply, Jim.
I'll have a look at my FW conf soon.
BTW, how can I set up a default gateway to tell all my traffic from the
PFsense LAN (subsidiary) to go through the IPSec tunnel (main office)?
Setting up the PFsense's default gateway is impossible because it has no
IP address on the main office LAN: it has a WAN interface (192.168.2.1)
and a LAN interface (192.168.3.1), whereas my main office LAN is
192.168.1.X
| Main office |----- IPCop ------ Internet ------- ISP Box --------- PFsense ------ | subsidiary |
| 192.168.1.X |              public IPs               |   192.168.2.X   |            192.168.3.X |
                       \                                                /
                        \______________________________________________/
                                          IPSec tunnel
--
Fabien Bagard
IT Department
tel + 33 (0)1 48 03 60 40
--------------------------------------------------------------------------------
Parrot SA
174, Quai de Jemmapes | 75010 Paris - France
tel + 33 (0)1 48 03 60 60 | fax + 33 (0)1 48 03 70 08
http://www.parrot.com
--------------------------------------------------------------------------------
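Added example, not part of either message: a small Python model of the phase 2 matching Jim describes, using the thread's subnets. The /24 masks, the host addresses, the "IPCop" peer label and the 0.0.0.0/0 variant are assumptions made for illustration; the variant goes beyond the case in the thread to show that the selectors alone decide what enters the tunnel.

```python
import ipaddress
from typing import List, NamedTuple, Optional


class Phase2(NamedTuple):
    """One phase 2 entry: local and remote traffic selectors plus a peer label."""
    local: ipaddress.IPv4Network
    remote: ipaddress.IPv4Network
    peer: str  # label for the remote gateway (constructed for this example)


def phase2(local: str, remote: str, peer: str) -> Phase2:
    return Phase2(ipaddress.ip_network(local), ipaddress.ip_network(remote), peer)


def match_outbound(src: str, dst: str, entries: List[Phase2]) -> Optional[Phase2]:
    """Return the first entry whose selectors cover BOTH source and destination."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for entry in entries:
        if s in entry.local and d in entry.remote:
            return entry
    return None


def explain(src: str, dst: str, entries: List[Phase2]) -> str:
    entry = match_outbound(src, dst, entries)
    if entry is None:
        return f"{src} -> {dst}: no phase 2 match, handled by the normal routing table"
    return f"{src} -> {dst}: matches {entry.local} -> {entry.remote}, tunnelled to {entry.peer}"


# Subnets from the thread (masks assumed): subsidiary 192.168.3.x, main office 192.168.1.x.
SITE_TO_SITE = [phase2("192.168.3.0/24", "192.168.1.0/24", "IPCop")]
# Constructed variant: remote selector widened to every destination.
ALL_TRAFFIC = [phase2("192.168.3.0/24", "0.0.0.0/0", "IPCop")]

if __name__ == "__main__":
    samples = [  # constructed host addresses
        ("192.168.3.10", "192.168.1.20"),  # subsidiary host -> main office host
        ("192.168.2.1", "192.168.1.20"),   # firewall's own WAN address as source
        ("192.168.3.10", "198.51.100.7"),  # subsidiary host -> Internet (documentation range)
    ]
    for name, entries in (("site-to-site", SITE_TO_SITE), ("all-traffic", ALL_TRAFFIC)):
        print(name)
        for src, dst in samples:
            print("  " + explain(src, dst, entries))
```

A packet sourced from the firewall's own WAN address (192.168.2.1) matches neither entry, which is worth keeping in mind when testing with ping from the firewall itself rather than from a LAN host.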