So I've wasted hours trying to make a simple site-to-site IPsec VPN between two pfSense firewalls without success.
This is what I'm trying to do. I want to route traffic between these two sites:
SITE A (Netgate 6100 appliance with 23.09.1-RELEASE)
pfSense LAN IP: 172.16.0.1 (network 172.16.0.0/16)
VLAN1: 192.168.20.0/24
VLAN2: 192.168.30.0/24
I've got some VLANs that I also want to give access to the SITE B range.
SITE B (DigitalOcean Droplet with pfSense 2.7.1)
pfSense LAN IP: 10.110.0.2 (network 10.110.0.0/24)
No other VLANs on this site.
As shown in the IPsec status, the connection is correctly established in both phases. But only Packets Out traffic is changing.
The IPsec link seems to be established, as the IPsec status shows everything correct. In the SADs and SPDs section I can see the routes correctly.
I've checked traffic outgoing from the WAN, type ESP, and it seems that traffic is going out correctly, as the IPsec stats show Packets Out:
SITE A tcpdump on WAN showing ESP traffic out, no traffic in.
The same happens if I tcpdump on the SITE A pfSense and check the WAN interface for ESP packets.
So I really don't know what else to check; I've spent hours trying to make it work, but no traffic is being redirected.
Some more info:
pfSense on SITE A is a Netgate 6100 appliance, but the pfSense on SITE B is a Droplet on DigitalOcean.
What can I do to troubleshoot this setup? Any help is welcome. Thanks in advance!!
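The symptom in the post (Packets Out climbing, Packets In stuck at zero, and a WAN capture that shows ESP leaving but never arriving) is best split into two questions: does the peer's ESP ever reach this WAN at all, and if it does, does it match the inbound SA that strongSwan installed? The script below is an added example, not code from the original post or from pfSense. It reads `tcpdump -n` output from the WAN and counts ESP per direction relative to the local WAN address, separately for plain ESP (IP protocol 50) and NAT-T (UDP 4500, shown by tcpdump as `UDP-encap`), then says which check comes next. The embedded capture is constructed for the example; 198.51.100.20 stands in for the local WAN address and 203.0.113.10 for the peer, and the interface names mentioned in the comments are placeholders, none of which come from the post. It assumes IPv4 and tcpdump's default line format.

```shell
#!/bin/sh
# Added example (not from the original post): classify ESP packets seen on the
# WAN by direction, so "the peer's ESP never arrives here" can be told apart
# from "ESP arrives but pfSense never counts it as Packets In".
# Assumptions: IPv4 only; tcpdump's default ESP / UDP-encap line format;
# addresses and interface names are placeholders, not the poster's.

# Summarise a tcpdump capture read on stdin. $1 is the local WAN address.
# Output: out=<n> in=<n> natt_out=<n> natt_in=<n> spi_out=<list> spi_in=<list>
esp_direction_summary() {
    awk -v me="$1" '
    # Strip the trailing ":" tcpdump puts after the destination and, for
    # NAT-T lines (addr.4500), the port suffix, leaving the bare IPv4 address.
    function host(f,   n, p) {
        sub(/:$/, "", f)
        n = split(f, p, ".")
        if (n == 5) return p[1] "." p[2] "." p[3] "." p[4]
        return f
    }
    function join(a,   k, s) {
        for (k in a) s = (s == "" ? k : s "," k)
        return (s == "" ? "-" : s)
    }
    BEGIN { split("", spi_out); split("", spi_in) }
    # Only ESP lines count; IKE (UDP 500) and NAT-T keepalives are ignored.
    /ESP\(spi=/ {
        src = host($3); dst = host($5)
        natt = ($0 ~ /UDP-encap/)
        spi = "?"
        if (match($0, /spi=0x[0-9a-fA-F]+/)) spi = substr($0, RSTART + 4, RLENGTH - 4)
        if (src == me)      { out++; if (natt) natt_out++; spi_out[spi] = 1 }
        else if (dst == me) { inb++; if (natt) natt_in++;  spi_in[spi]  = 1 }
    }
    END {
        printf "out=%d in=%d natt_out=%d natt_in=%d spi_out=%s spi_in=%s\n",
               out, inb, natt_out, natt_in, join(spi_out), join(spi_in)
    }'
}

# Turn a summary line into the next thing to check. The first word is a
# stable code; the rest is the explanation.
esp_verdict() {
    printf '%s\n' "$1" | awk '{
        for (i = 1; i <= NF; i++) { split($i, kv, "="); v[kv[1]] = kv[2] }
        if (v["out"] + 0 == 0)
            print "no-egress: nothing leaves this WAN; check the phase 2 selectors / SPD (setkey -DP) and that the test traffic really hits the tunnel"
        else if (v["in"] + 0 == 0)
            print "no-ingress: ESP leaves but none arrives; run the same capture on the peer WAN, and check filtering between the sites for IP proto 50 and UDP 500/4500"
        else
            print "ingress-present: ESP arrives; if Packets In stays 0, compare spi_in with the inbound SA in swanctl --list-sas"
    }'
}

# Constructed capture, modelled on "tcpdump -ni vtnet0 'esp or udp port 500 or udp port 4500'"
# on the local WAN (198.51.100.20) with the peer at 203.0.113.10: IKE goes both
# ways, ESP only leaves, which is the symptom described in the post.
SAMPLE_CAPTURE='14:02:10.000100 IP 198.51.100.20.500 > 203.0.113.10.500: isakmp: parent_sa ikev2_init[I]
14:02:10.040200 IP 203.0.113.10.500 > 198.51.100.20.500: isakmp: parent_sa ikev2_init[R]
14:02:11.100001 IP 198.51.100.20 > 203.0.113.10: ESP(spi=0xc1a2b3c4,seq=0x1), length 132
14:02:11.100531 IP 198.51.100.20 > 203.0.113.10: ESP(spi=0xc1a2b3c4,seq=0x2), length 132
14:02:12.200123 IP 198.51.100.20 > 203.0.113.10: ESP(spi=0xc1a2b3c4,seq=0x3), length 132'

summary=$(printf '%s\n' "$SAMPLE_CAPTURE" | esp_direction_summary 198.51.100.20)
echo "$summary"
esp_verdict "$summary"
```

On a live firewall, feed it a bounded capture from each WAN, for example `tcpdump -c 200 -ni <wan-if> 'esp or udp port 4500' | esp_direction_summary <wan-ip>` (the summary is only printed when tcpdump exits, hence `-c`), and run it on both sites: if Site A reports `no-ingress` while Site B reports `out=0`, the problem is on B's side of the tunnel (policy or routing), whereas B sending and A not receiving points at something dropping ESP or UDP 4500 between the two WANs. When the SPI seen on the wire does not match the inbound SA in `swanctl --list-sas`, the two ends are no longer agreeing on the same child SA.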