Policy Based Routing into IPsec VPN broken since 2.8.0
-
Hello,
Since 2.8.0 (so also the 2.8.1beta) the PBR function is broken in PFsense.
I have this implemented as a simple firewall policy with a alternative gateway.
Only other item I found is this topic on Reddit:
https://www.reddit.com/r/PFSENSE/comments/1l49wp5/fix_280_broke_ipsec_policy_based_routing/The adjustment talked about here (I{Psec Filter Mode); When enabled on the client side of the VPN, it fixed the problem but only for traffic initiated on the client side. Initiated flows from the datacenter side do not work.
When I set this at the datacenter side, alot of things like other tunnels break.
Mind that the remote datacenter site is still running 2.7.2 but this is a big PFsense production platform which I cannot easily play with. (update to 2.8 to test)Rolled back to 2.7.2 and it works fine.
Does anyone have a clue why this problem seems to be ignored? -
Still running into this. No solution yet? :(
-
Tried 2.8.1 today. Still broken.
Changing back to Floating states in Advanced settings, or per Rule, does not fix the issue. -
Just managed to fix the issue. It was not related to the floating states thingy. They are all at default.
Under VPN -> IPsec -> Advanced settings, change "IPsec Filter Mode" to "On Assigned Interfaces"
This gives you a Firewall rules tab per (ipsec) interface, instead of the general "IPsec" firewall rules tab.
Now create rules on those tabs to allow traffic.