sickology
just joined
Topic Author
Posts: 5
Joined: Thu Mar 15, 2018 1:38 pm

IPSec - one router unreachable from other site

Tue Mar 20, 2018 1:16 pm

Hello,

We have IPSec site2site tunnel from mikrotik to pfsense.

pfsense---IPSec--->RT1---LAN--->RT2

The tunnel is up and everything is reachable from the branch office (pfsense side) except RT2. I thought the RT2 needs the route to the branch office LAN (192.168.55.0/24), but after adding the route the RT2 is still not reachable. We can't ping from HQ LAN to BO LAN and vice versa from/to RT2.
ip route add dst-address=192.168.0.0/16 gateway=172.16.1.252
.252 is the default gw for all HQ LAN and it is the vrrp IP which is currently active on RT1 where ipsec tunnel is established. Still no luck.

Filter and NAT rules are the same on RT1 and RT2, so I figured if RT1 is accessible, RT2 should be also, if it has the route towards the active router.

If we switch the VPN tunnel on RT2, we get the same results, RT1 becomes unreachable, and RT2 is working fine. So, we can reach only one router which has active VPN tunnel to the branch office.

Does anyone have an idea where the problem could be?
If you need any other information, please let me know.

Regards!
