Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Established but no traffic

    IPsec
    2
    3
    2.1k
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • P
      Phil
      last edited by

      I'm having a bit of an issue with an IPSec VPN between two sites.

      The VPN link is reported as up but I cannot communicate over it…

      127dot0dot0dot1:~# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
80.229.71.16    0.0.0.0         255.255.255.240 U     0      0        0 eth0
192.168.0.0     0.0.0.0         255.255.255.0   U     0      0        0 eth1
10.0.0.0        192.168.0.50    255.255.0.0     UG    0      0        0 eth1
192.168.0.0     192.168.0.1     255.255.0.0     UG    0      0        0 eth1
0.0.0.0         80.229.71.18    0.0.0.0         UG    0      0        0 eth0
127dot0dot0dot1:~# ping 10.0.0.1
PING 10.0.0.1 (10.0.0.1) 56(84) bytes of data.
^C
--- 10.0.0.1 ping statistics ---
4 packets transmitted, 0 received, 100% packet loss, time 3013ms

127dot0dot0dot1:~# traceroute 10.0.0.1
traceroute to 10.0.0.1 (10.0.0.1), 30 hops max, 60 byte packets
 1  192.168.0.50 (192.168.0.50)  0.232 ms  0.410 ms  0.387 ms
 2  * * *
 3  * * *
 4  * * *
 5  * * *
 6  * * *
 7  *^C
127dot0dot0dot1:~#

      I have, at present, accept firewall rules on both the WAN, LAN and IPSec interfaces to accept all traffic.

      I cannot packet log at site 2, however logging on re0 of the pfsense box at site1 shows that packets are sent when I ping a host at site 2 but no reply is received:

      13:47:41.144023 IP 80.229.71.19 > 81.106.133.4: ESP(spi=0x4a00ca23,seq=0x20), length 116

      When a host at site 2 pings a host in site 1, the packet is recived at site 1 but no reply sent:

      13:45:07.119877 IP 81.106.133.4 > 80.229.71.19: ESP(spi=0x02cefcf6,seq=0x2d), length 116

      EDIT: Interestingly, a traceroute from the pfsense box itself tries to send the packet over the Internet:

      traceroute -n 10.0.0.1

      traceroute to 10.0.0.1 (10.0.0.1), 64 hops max, 40 byte packets
      1  80.229.71.18  0.988 ms  0.852 ms  0.758 ms
      2  195.166.128.27  41.521 ms  37.537 ms  36.036 ms
      3  84.92.5.57  33.451 ms^C

      I'm not sure this is the issue though as the pings sent from another host are clearly being encrypted and sent.

      Does anyone have any ideas what the issue is here?

      Cheers

      Phil

      1 Reply Last reply Reply Quote 0
      • P
        Phil
        last edited by

        Solved… See http://forum.pfsense.org/index.php/board,16.0.html

        1 Reply Last reply Reply Quote 0
        • R
          ron9
          last edited by

          @Phil:

          Solved… See http://forum.pfsense.org/index.php/board,16.0.html

          I have exactly the same problem as you described, but the link you posted does not work.

          Can you tell me how you solved your problem?

          \Ronni

          1 Reply Last reply Reply Quote 0
          • First post
            Last post
          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.