VPN tunnel established but traffic is not being passed between local and remote network

twocrutchez · June 9, 2021, 11:36pm

Hey guys,

So I’m having some issues passing traffic through a site to site VPN tunnel established between PFSense and palo alto.

Phase 1 and Phase 2 entries look correct, Tunnel itself is established however I can’t ping the gateway on the other side and none of the devices on the remote network seem to be connecting to the server in our LAN.

I have a feeling that the issue might either be my firewall rules for IPSec or the static route I created for the traffic to pass through.

Host on local network:192.168.10.7/24

Devices on remote network:10.250.11.15-21/24

I’ve place an any any rule on the IPSec interface temporarily for troubleshooting.

Does anyone see anything obvious here that I’m missing?

LTS_Tom · June 10, 2021, 10:24am

Double check for mismatched ciphers, easy to overlook.

twocrutchez · June 11, 2021, 9:22am

Only question on that side of things is that the other side is using aes-cbc specifically. I don’t see any option for CBC in PFSense UI

LTS_Tom · June 11, 2021, 11:40am

If the ciphers don’t match the traffic will not route, choose one that is available on both sides.

RossBolton · July 3, 2021, 8:53am

This is the issue with your VPN provider you can try some other and see if it stops.