On 08/18/2011 04:33 PM, Jim Pingle wrote:
> On 8/18/2011 10:29 AM, Fabien Bagard wrote:
> > [...]
> > From the network beyond the PFSense, I can't ping machines beyond the
> > IPCop.
> > [...]
> > What gives me trouble is :
> >    * IPCop side, I have an ipsec interface, with an IP address and route
> >      to the other side of the IPSec tunnel
> >    * PFSense side I have an enc0 interface, without IP address and no
> >      trace of a route in the routing tables to the IPCop side :
>
> There is no route for IPsec on FreeBSD. That's just how IPsec works.
>
> If traffic matches the phase 2 for the tunnel, it goes on the tunnel.
>
> Your problem may be elsewhere (firewall rules, etc) - some packet
> captures should show you how the traffic is (or isn't) flowing.
>
> Jim

---------------------------------------------------------------------
To unsubscribe, e-mail: support-unsubscr...@pfsense.com
For additional commands, e-mail: support-h...@pfsense.com

Commercial support available - https://portal.pfsense.org

Thanks a lot for your fast reply Jim,

I'll have a look at my FW conf soon.

BTW, how can I set up a default gateway to tell all my traffic from PFsense LAN (subsidiary) to go through the IPSec tunnel (main office)? Setting up the PFsense's default gateway is impossible because it has no IP address on the main office LAN: it has a WAN interface - 192.168.2.1 - and a LAN interface - 192.168.3.1, whereas my main office LAN is 192.168.1.X


| Main office |----- IPCop ------ Internet ------- ISP Box --------- PFsense ------ | subsidiary |
|192.168.1.X  |              public IPs               |   192.168.2.X   |      192.168.3.X       |
                       \  \__________________________________________/  /
                        \_____________ ________________________________/
                                IPSec tunnel


--
Fabien Bagard
IT Department
tel + 33 (0)1 48 03 60 40

--------------------------------------------------------------------------------
Parrot SA
174, Quai de Jemmapes | 75010 Paris - France
tel + 33 (0)1 48 03 60 60 | fax + 33 (0)1 48 03 70 08
http://www.parrot.com
--------------------------------------------------------------------------------
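
Added example, not part of the original messages and not pfSense or FreeBSD code: a small model of the behaviour Jim describes, where a packet enters the tunnel only when its source and destination match a phase 2 selector, and everything else is handled by the ordinary routing table. The subnets come from the thread; the /24 masks, the policy name, the sample packets and the first-match ordering are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Phase2:
    """A phase 2 entry reduced to its traffic selector (local net, remote net)."""
    name: str
    local: str
    remote: str

    def matches(self, src: str, dst: str) -> bool:
        # Both ends must fall inside the selector; the routing table is not consulted.
        return (ipaddress.ip_address(src) in ipaddress.ip_network(self.local)
                and ipaddress.ip_address(dst) in ipaddress.ip_network(self.remote))


def disposition(policies, src, dst):
    """Return 'tunnel:<name>' for the first matching selector, else 'routing table'.

    First-match order is a simplification made for this example.
    """
    for policy in policies:
        if policy.matches(src, dst):
            return f"tunnel:{policy.name}"
    return "routing table"


# Constructed from the thread's addressing; the /24 masks are assumed.
POLICIES = [Phase2("main-office", "192.168.3.0/24", "192.168.1.0/24")]

# Constructed sample packets (source, destination).
PACKETS = [
    ("192.168.3.10", "192.168.1.20"),  # subsidiary host -> main office host
    ("192.168.3.10", "203.0.113.5"),   # subsidiary host -> Internet address
    ("192.168.2.1", "192.168.1.20"),   # firewall WAN address -> main office host
    ("192.168.3.1", "192.168.1.20"),   # firewall LAN address -> main office host
]


def classify_all():
    """Classify every sample packet against the constructed policy list."""
    return [(s, d, disposition(POLICIES, s, d)) for s, d in PACKETS]


if __name__ == "__main__":
    for src, dst, where in classify_all():
        print(f"{src:>14} -> {dst:<14} {where}")
```

The third packet shows why a test sourced from an address outside the local selector can fail while hosts on the LAN behind the firewall reach the far side.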


