Netgate Discussion Forum

    IPSEC rules loading error while bridging Wireless card to LAN interface

      erdnuss

      Morning,

      I get the following error in Diagnostics: Filter Reload Status while having my Wireless LAN card bridged to my LAN interface.
      Diagnostics: Filter Reload Status

      There were error(s) loading the rules:
      no IP address found for bridge0
      /tmp/rules.debug:141: could not parse host specification
      no IP address found for bridge0
      /tmp/rules.debug:142: could not parse host specification
      no IP address found for bridge0
      /tmp/rules.debug:143: could not parse host specification
      no IP address found for bridge0
      /tmp/rules.debug:144: could not parse host specification
      pfctl: Syntax error in config file: pf rules not loaded - The line in question reads [141]: pass out quick on $WirelessAccessInterface proto udp from $WirelessAccessInterface to xx.xx.xx.xxx port = 500 keep state label "IPSEC: Xxxxx IPSEC - outbound isakmp"…

      This page will automatically refresh every 3 seconds until the filter is done reloading.

      It's pretty clear what it says: it can't align any rules to the bridge0 interface, since it has no IP address due to the bridging process.

      So my question is: can I change any rules by hand?
      Because as long as it can't align such rules, it won't establish any IPSEC connection with my other peer.
      Changing the interface name "$WirelessAccessInterface" to "lan" in /tmp/rules.debug, would that help? Or does anyone have a better solution?

      It does say in my /tmp/rules.debug config:

      VPN Rules

      pass out quick on $wan proto udp from $wan to xx.xx.xx.xxx port = 500 keep state label "IPSEC: xxxxx IPSEC - outbound isakmp"
      pass in quick on $wan proto udp from xx.xx.xx.xxx to $wan port = 500 keep state label "IPSEC: xxxxx IPSEC - inbound isakmp"
      pass out quick on $wan proto esp from $wan to xx.xx.xx.xxx keep state label "IPSEC: xxxxx IPSEC - outbound esp proto"
      pass in quick on $wan proto esp from xx.xx.xx.xxx to $wan keep state label "IPSEC: xxxxx IPSEC - inbound esp proto"
      pass out quick on $WirelessAccessInterface proto udp from $WirelessAccessInterface to xx.xx.xx.xxx port = 500 keep state label "IPSEC: xxxxx IPSEC - outbound isakmp"
      pass in quick on $WirelessAccessInterface proto udp from xx.xx.xx.xxx to $WirelessAccessInterface port = 500 keep state label "IPSEC: xxxxx IPSEC - inbound isakmp"
      pass out quick on $WirelessAccessInterface proto esp from $WirelessAccessInterface to xx.xx.xx.xxx keep state label "IPSEC: xxxxx IPSEC - outbound esp proto"
      pass in quick on $WirelessAccessInterface proto esp from xx.xx.xx.xxx to $WirelessAccessInterface keep state label "IPSEC: xxxxx IPSEC - inbound esp proto"
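
The failure in the post above can be caught before the filter is reloaded. This is an added example, not part of the original thread and not pfSense code: it flags rules whose `from`/`to` host is an interface with no address. The macro definitions, the interface table and 192.0.2.10 (standing in for the redacted peer) are constructed assumptions.

```python
import re

# Constructed sample in the shape of the /tmp/rules.debug excerpt above.
# Macro definitions and the peer address are assumptions; the post shows
# only the pass rules.
SAMPLE_RULES = '''\
wan = "sis0"
WirelessAccessInterface = "bridge0"
pass out quick on $wan proto udp from $wan to 192.0.2.10 port = 500 keep state label "IPSEC: outbound isakmp"
pass in quick on $wan proto esp from 192.0.2.10 to $wan keep state label "IPSEC: inbound esp proto"
pass out quick on $WirelessAccessInterface proto udp from $WirelessAccessInterface to 192.0.2.10 port = 500 keep state label "IPSEC: outbound isakmp"
pass in quick on $WirelessAccessInterface proto esp from 192.0.2.10 to $WirelessAccessInterface keep state label "IPSEC: inbound esp proto"
'''

# Constructed interface table (name -> configured addresses). On a live
# system this would be built from ifconfig output; the bridge has none.
SAMPLE_IFACES = {"sis0": ["198.51.100.2"], "bridge0": []}

MACRO_RE = re.compile(r'^\s*(\w+)\s*=\s*"([^"]*)"\s*$')
# Only the host position (after from/to) needs an address; "on <if>" does not.
HOST_RE = re.compile(r'\b(?:from|to)\s+(\$?[\w.:-]+)')


def find_unresolvable_hosts(rules_text, iface_addrs):
    """Return (line_no, interface) for every from/to host that expands to
    an interface with no IP address, which pfctl cannot parse."""
    macros, findings = {}, []
    for line_no, line in enumerate(rules_text.splitlines(), start=1):
        macro = MACRO_RE.match(line)
        if macro:
            macros[macro.group(1)] = macro.group(2).strip("{} ")
            continue
        rule = re.sub(r'"[^"]*"', '""', line)  # ignore words inside labels
        for token in HOST_RE.findall(rule):
            name = macros.get(token[1:], token) if token.startswith("$") else token
            if name in iface_addrs and not iface_addrs[name]:
                findings.append((line_no, name))
    return findings


if __name__ == "__main__":
    for line_no, iface in find_unresolvable_hosts(SAMPLE_RULES, SAMPLE_IFACES):
        print(f"line {line_no}: host '{iface}' has no IP address")
```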

        hoba

        What version?

          erdnuss

          pfSense-1.0-RC2-Embedded-128-meg

          sry forgot to mention that :(

            sullrich

            Bzzt.  1.0-RC3 is out.  Upgrade.

              hoba

              Yes, and that error was fixed right after RC2 was released, with RC2a or b, if I recall correctly.

              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.