Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    No IKEv2 Phase 1 with IPv6 Client

    IPsec
    1
    2
    99
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • R
      rsdu
      last edited by rsdu

      Hi folks,

      We are currently migrating from OpenVPN to a new IKEv2 VPN on a pfSense 24.03 box. I followed the guide to set up the VPN and access using IPv4 is fine (Phase 1 ok, Phase 2 ok, all good, traces of successful connections in ipsec.log). However, when connecting through IPv6 there is no Phase 1 connectivity. I was able to verify that:

      • There is IPv6 traffic arriving on UDP Port 500 on the WAN interface of the pfSense box (verified through package capture)
      • There is a listener to UDP Port 500 for IPv4 and IPv6 on all interfaces.
      • IPv4 and IPv6 are configured in Phase 1 settings (dual stack).
      • Other IPv6 traffic (e.g. SSH) is fine.

      Unfortunately, there are no traces at all visible in the ipsec.log. Thus, I'm a bit short of ideas on how to further troubleshoot. Any idea is highly appreciated :)

      Many thanks and best regards
      Marvin

      PS: My trials are with the defaults Windows 11 VPN client.

      R 1 Reply Last reply Reply Quote 0
      • R
        rsdu @rsdu
        last edited by

        @rsdu Even though the documentation states that firewall rules are added automatically, firewall log shows that incoming traffic is blocked by the "default IPv6 incoming block" rule. I added UDP Port 500 and ESP to the ruleset and there we go ...

        1 Reply Last reply Reply Quote 0
        • First post
          Last post