Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Dynamic Routing IPSec with OSPF, Printing issues

    Scheduled Pinned Locked Moved IPsec
    1 Posts 1 Posters 14 Views 1 Watching
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • E Offline
      elamigosam2
      last edited by

      Last night I changed our IPSec configuration from tunnel ipv4 to Routed VTI.
      We have 4 Netgate Pfsense Routers. I configured them in a hub-spoke topology as it was before the upgrade. I configured the IPSec phase 2 settings similar to the example given in the Dynamic Routing video (with /30 network and address, different for each link). Then i enabled the new interfaces and allowed all traffic on the ipsec interface firewall (to make sure it all worked).

      Then Downloaded and installed the frr package.
      Configured the Global settings, then configured the OSPF settings, then added the interfaces on the Interfaces tab.

      My setup is as follows: office2 is the hub, and office1, office3, office5 are the spokes. office1,office3,office5 connect to office2.

      I can ping the router from office3 to office2
      I can access network shares from office3 on office2 and the other way around.
      I can access printer web gui from either site.
      However, when I try to print over the VPN i get printer errors.
      Printing PDF files, single page print and even the Windows print page.
      There are no errors when printing on the same location (local network)

      The printer is connected through Ethernet and the error i get are the following:

      #[diprintd(213)]25/08/15 16:34:07 diprint data send timeout ERR:

      after some research, it looks like the errors are related to receiving the data to print.

      I am thinking this is due to the new IPSec and OSPF configuration.

      I tried increasing the diprint timeout from 15 sec to 3600 sec on the printer, but it did not worked.

      I also cleared the ARP table from all the routers and press the red Force Service Restart button on the Global settings of FRR

      I double checked all the settings and matched them to a lab network configuration i have and they are all ok.

      Also under System/Advanced/Firewall, under VPN packed processing I enabled the "Enable MSS clamping on VPN traffic" check box and set the values to 1400.

      No luck, same error when printing.

      any ideas what could be causing this issue?

      1 Reply Last reply Reply Quote 0
      • First post
        Last post
      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.