pfSense to MikroTik IPsec tunnel one-way traffic

Posted: Thu Jun 06, 2019 7:23 pm
by Dylanchr3500
Hi All,

Hopefully someone can enlighten me.
We have 3 sites: head office, Branch A and Branch B.

Head office 192.168.0.0/23
Branch A 192.168.2.0/24
Branch B 192.168.3.0/24

All three sites used to be on an MPLS network with a central ISP breakout. We have moved head office, which uses a pfSense gateway, to a different ISP. Both branches require access to the head office LAN. The branches are using MikroTik RB2011s. I have successfully established the IPsec tunnel between head office and Branch A. I can ping anything on the Branch A LAN from head office, but from Branch A to head office no traffic is routed. If I try a traceroute from Branch A to head office, the traffic is still trying to route over the MPLS; these branches will only move to the new ISP next week.

Do the IPsec policies on the MikroTik try to apply before the default gateway is tried? No routes to the 192.168.0.0 LAN exist on the MikroTik.

I have configured the NAT rule and firewall filter rules accordingly on the MikroTik.
I can post configs later. Just thought I could get the conversation started.
Can anyone guide me to a solution?
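An added example (not the poster's configuration, which is not on this page): a minimal policy-based IPsec setup on the Branch A RB2011 for the subnets above, using RouterOS 6.44+ syntax, with the srcnat bypass placed ahead of masquerade and the commands used to check whether the policy is actually active. PFSENSE_WAN_IP, the pre-shared key, the profile/proposal names and the algorithm choices are assumed placeholders.

```routeros
# Added example, not the original poster's config. RouterOS 6.44+ syntax assumed.
# Placeholders: PFSENSE_WAN_IP, the PSK, profile/proposal names, algorithm choices.
/ip ipsec profile add name=ho-p1 hash-algorithm=sha256 enc-algorithm=aes-256 dh-group=modp2048
/ip ipsec proposal add name=ho-p2 auth-algorithms=sha256 enc-algorithms=aes-256-cbc pfs-group=modp2048
/ip ipsec peer add name=head-office address=PFSENSE_WAN_IP/32 exchange-mode=ike2 profile=ho-p1
/ip ipsec identity add peer=head-office auth-method=pre-shared-key secret="CHANGE-ME"

# The policy selects traffic by source/destination; it needs no route to 192.168.0.0/23.
# RouterOS routes first (the default route, even via MPLS, is enough to reach the
# output path), then the policy matches and encapsulates the packet toward PFSENSE_WAN_IP.
/ip ipsec policy add peer=head-office tunnel=yes src-address=192.168.2.0/24 \
    dst-address=192.168.0.0/23 proposal=ho-p2 action=encrypt level=require

# srcnat runs before the policy match: an accept rule must sit above masquerade,
# otherwise the packet leaves with the WAN source address and no longer matches the selector.
/ip firewall nat add chain=srcnat action=accept src-address=192.168.2.0/24 \
    dst-address=192.168.0.0/23 place-before=0 comment="bypass NAT for IPsec to HO"

# Checks, in order: phase 1 up, phase 2 SAs installed in both directions,
# policy shows ph2-state=established, bypass rule counters rise when pinging from the LAN.
/ip ipsec active-peers print
/ip ipsec installed-sa print
/ip ipsec policy print detail
/ip firewall nat print stats
```

If the policy is established but the bypass rule's counters stay at zero during a ping from the branch LAN, the traffic is being masqueraded before it reaches the IPsec selector.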

Re: pfSense to MikroTik IPsec tunnel one-way traffic

Posted: Fri Jun 07, 2019 12:30 am
by Exiver
Post your configs. Everything else will only lead to guessing, and that does not really help ;-) There are a few things you could check with that error, but they all depend on the configurations of your RouterBOARD and pfSense.