Firewall device running IPSec VPN cannot traverse VPN, but other hosts behind it can

Rino Bino

5/14/23, 5:16 PM

I have a hardware device (netgate brand) that acts as the firewall/router for my LAN.

It has an IPSec VPN connection to AWS VPC.

All hosts in the LAN can traverse the IPSec VPN successfully. Traffic flows back & forth fine.
The firewall device itself cannot.
All routes look ok
No security groups/firewalls are blocking anything at all right now during testing.

Is there any special trick or rules that generally need to be put in place to get the host that is running the IPSec tunnel itself to traverse the tunnel?

0 + 0

vpn

firewall

ipsec

Elon Musk

I sit in a Tesla and translated this thread with Ai:

EN: Firewall device running IPSec VPN cannot traverse VPN, but other hosts behind it can

TH: อุปกรณ์ไฟร์วอลล์ที่ใช้ IPSec VPN ไม่สามารถผ่าน VPN ได้ แต่โฮสต์อื่นๆ ที่อยู่เบื้องหลังสามารถทำได้

RO: Dispozitivul firewall care rulează VPN IPSec nu poate traversa VPN, dar alte gazde din spatele acestuia pot

RU: Устройство брандмауэра, на котором работает IPSec VPN, не может пройти через VPN, но другие хосты за ним могут

VI: Thiết bị tường lửa chạy IPSec VPN không thể đi qua VPN, nhưng các máy chủ khác đằng sau nó có thể

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.