Netgate Discussion Forum

Tunnel stopped working and I can't figure out why

4 Posts 3 Posters 481 Views
  • 2
    24fun
    last edited by Aug 23, 2023, 6:30 AM

    I have IPSEC tunnels between multiple pfsense firewalls, and all worked fine until a few days ago, when one tunnel stopped working. It is really curious: I cannot access site A from site B and vice versa, but it is no problem to reach A from C and B from C, and I can also reach C from both sites A and B.

    The tunnels are all set up in the same manner. Here are a few details; maybe someone sees something I overlook:

    Here is the status of site A, there are no packets out

    34ee6b1a-81ac-43ab-bfee-21787ca4307b-image.png

    Here is the status of site B, **there are no packets in and out**

    39efbe9a-d87e-47c7-b9ab-f9cc3d0cfc84-image.png

    Here is the IPSEC log for site A, there seems to be traffic in both directions, isn't there?

    cebfa1ac-e87a-41a6-a80f-57fbbd5e7270-image.png

    Here is the IPSEC log for site B, there is also traffic:

    7b63cc4d-8742-4e47-86ca-d0fb11e1c70d-image.png

    So my first question: when there are packets sent in both directions, why are the counters 0?

    Packet trace at site A

    80d0d6c4-b6b2-4c25-ac16-e935445986e6-image.png

    Packet trace at site B - only UDP no ESP .... why?

    5add280a-ad2e-46cb-92bb-157c5494011f-image.png

    If someone can give any hint, this would be greatly appreciated. If someone needs more information, please write. Thank you so much!

    • T
      Topogigio @24fun
      last edited by Aug 23, 2023, 9:09 AM

      @24fun how are your routing tables and tracerts?

      I'm experiencing a lot lot lot of crazy problems with ipsec + routing after upgrade to 2.7

      • 2
        24fun
        last edited by 24fun Aug 23, 2023, 2:14 PM

        In the meantime I figured out that setting the "NAT Traversal" in Site B from "Auto" to "Forced" in the phase 1 settings solved my problem. Curious, all other tunnels are running with this "auto" setting. ????

        • P
          planedrop
          last edited by planedrop Aug 23, 2023, 10:30 PM Aug 23, 2023, 10:25 PM

          I've had no issues with IPSec on pf Plus at least, don't have a 2.7 system to test right now though, but that NAT setting normally shouldn't have to be adjusted.

          Just out of curiosity, are you seeing any MAC auth errors?

          I had an issue a while back, still not sure if it's solved or not (made a post with no responses) and haven't been able to test, but for some reason I was getting a ton of auth issues after updating pfSense to a newer version when it comes to IPSec, turned out that for some reason the option of using "My IP Address" wasn't properly authenticating and I had to manually specify the IP.

          Anyway, seems like that's not related to your issue but just wanted to double check since it was something I ran across and never managed to solve.

          Edit: here is that post I made: https://forum.netgate.com/topic/176502/had-to-manually-specify-identifier-ip-address-no-nat-involved-bug

          Another edit: this does appear to have been resolved, just got it working when before it wouldn't.

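Added example, not part of the original posts: the thread asks why a trace shows "only UDP no ESP" and ends with a change to the NAT Traversal setting. With NAT-T, ESP travels inside UDP port 4500 (RFC 3948), so this Python sketch classifies packets to tell encapsulated ESP from IKE and keepalives; the function names and capture tuples are constructed for illustration.

```python
import struct
from collections import Counter

PROTO_UDP, PROTO_ESP = 17, 50      # IP protocol numbers
IKE_PORT, NATT_PORT = 500, 4500    # IKE and NAT-T UDP ports

def classify(proto, sport=0, dport=0, payload=b""):
    """Label one captured packet by how IPsec carries it (RFC 3948 framing)."""
    if proto == PROTO_ESP:
        return "native-esp"
    if proto != PROTO_UDP:
        return "other"
    ports = {sport, dport}          # a NAT may rewrite one side's port
    if NATT_PORT in ports:
        if payload == b"\xff":      # one-byte NAT keepalive
            return "natt-keepalive"
        if len(payload) < 4:
            return "malformed"
        # First 32 bits: zero is the non-ESP marker (IKE follows),
        # anything else is the SPI of an encapsulated ESP packet.
        (first_word,) = struct.unpack("!I", payload[:4])
        return "ike-natt" if first_word == 0 else "udp-esp"
    if IKE_PORT in ports:
        return "ike"
    return "other"

def data_plane(packets):
    """Say which ESP framing, if any, a capture actually contains."""
    counts = Counter(classify(*p) for p in packets)
    native, encap = counts["native-esp"], counts["udp-esp"]
    if native and encap:
        return "mixed"
    if encap:
        return "udp-esp"
    return "native-esp" if native else "none"

# Constructed captures: (ip_proto, src_port, dst_port, payload bytes).
CAPTURE_ENCAP = [
    (17, 500, 500, bytes(28)),                             # IKE on port 500
    (17, 4500, 4500, bytes(4) + bytes(24)),                # IKE after float to 4500
    (17, 4500, 4500, b"\xff"),                             # keepalive
    (17, 4500, 4500, bytes.fromhex("c1a2b3c4") + bytes(32)),  # ESP in UDP
]
CAPTURE_NATIVE = [
    (17, 500, 500, bytes(28)),                             # IKE on port 500
    (50, 0, 0, bytes.fromhex("c1a2b3c4") + bytes(32)),     # IP protocol 50
]

if __name__ == "__main__":
    print(data_plane(CAPTURE_ENCAP), data_plane(CAPTURE_NATIVE))
```

A capture that shows only UDP can therefore still carry tunnel data; comparing the `data_plane` result from both ends shows whether the peers agree on the framing.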
          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.