pfSense bugtracker (https://redmine.pfsense.org/)
pfSense - Bug #8551: Routed IPsec/VTI is unable to communicate from the ipsecX interface address to a routed target
https://redmine.pfsense.org/issues/8551?journal_id=36675 (2018-06-07T12:34:01Z, Jim Pingle)
<p>This appears to be related to the automatic rules to pass traffic out from the firewall itself, for example:</p>
<pre>
pass out route-to ( ipsec5000 10.6.106.1 ) from 10.6.106.2 to !10.6.106.0/24 tracker 1000010116 keep state allow-opts label "let out anything from firewall host itself"
</pre>
<p>If I remove the <code>route-to ( ipsec5000 10.6.106.1 )</code> portion of the above rule, it works. I need to do some more tests to see if it affects all route-to traffic or only this case.</p>
https://redmine.pfsense.org/issues/8551?journal_id=36676 (2018-06-07T14:10:08Z, Jim Pingle)
<ul><li><strong>Status</strong> changed from <i>New</i> to <i>Feedback</i></li><li><strong>% Done</strong> changed from <i>0</i> to <i>100</i></li></ul><p>Applied in changeset <a class="changeset" title="Do not put &quot;route-to&quot; on rules for traffic outbound from the firewall itself on ipsecX interfaces..." href="https://redmine.pfsense.org/projects/pfsense/repository/2/revisions/a273f7bdff455a50156ab004358ba3909fa1fee7">a273f7bdff455a50156ab004358ba3909fa1fee7</a>.</p>
https://redmine.pfsense.org/issues/8551?journal_id=36734 (2018-06-20T08:37:52Z, Jim Pingle)
<ul><li><strong>Status</strong> changed from <i>Feedback</i> to <i>Resolved</i></li></ul><p>Works fine now</p>