Netgate Discussion Forum
    Ipsec and 1.2.3RC3

    1.2.3-PRERELEASE-TESTING snapshots - RETIRED
      Sylhouette

      Hello all

      I am using pfSense as my firewall, and use version 1.2 and now 1.2.3 RC3.
      On all locations except my main office I have pfSense 1.2.3RC3 running.
      On my main office I have 1.2.

      I have an IPsec tunnel to all (4) sites from my 1.2 to the 1.2.3RC3 sites.

      Now I updated the firewall with version 1.2 to 1.2.3 RC3.

      The tunnel gets connected, and I can ping, but I can not use cvsup.
      It makes a connection, but stops at the data part.
      Also mysql traffic is not running.

      On my firewall in one of the locations i see the following in the log

      
      Nov 5 16:46:33 	pf: 000600 rule 170/0(match): block in on enc0: (tos 0x0, ttl 63, id 1768, offset 0, flags [DF], proto TCP (6), length 52) 192.168.1.22.5999 > 192.168.5.10.27617: F, cksum 0xb78c (correct), 0:0(0) ack 1 win 8326 <nop,nop,timestamp 1547352036 3034913895>
      Nov 5 16:46:49 	pf: 15. 411500 rule 170/0(match): block in on enc0: (tos 0x0, ttl 63, id 5672, offset 0, flags [DF], proto TCP (6), length 52) 192.168.1.22.5999 > 192.168.5.10.46198: F, cksum 0xaa84 (correct), 0:0(0) ack 1 win 8326 <nop,nop,timestamp 7024512 3035306115>
      Nov 5 16:46:49 	pf: 000396 rule 170/0(match): block in on enc0: (tos 0x0, ttl 63, id 1294, offset 0, flags [DF], proto TCP (6), length 52) 192.168.1.22.5999 > 192.168.5.10.63936: F, cksum 0x763f (correct), 0:0(0) ack 1 win 8326 <nop,nop,timestamp 1530954024 3035134735>
      Nov 5 16:46:49 	pf: 000564 rule 170/0(match): block in on enc0: (tos 0x0, ttl 63, id 57455, offset 0, flags [DF], proto TCP (6), length 52) 192.168.1.22.5999 > 192.168.5.10.27617: F, cksum 0x7ac4 (correct), 0:0(0) ack 1 win 8326 <nop,nop,timestamp 1547367596 3034913895>
      

      I have looked on the forum in several topics, but can not find a solution.
      I use DPD on both sides with a value of 30

      The strange thing is I can browse a samba server across the tunnel and look at the intranet site (apache) behind the tunnel.
      Samba and apache are on the same machine as the csup server.

      If I go back to 1.2 all is working fine again.
      What can it be?

      regards,
      Johan
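
To see what the block entries quoted in the post above have in common, this added example (not part of the original post, and not pfSense code) parses those four filter log lines and groups the drops on enc0 by rule, source endpoint and TCP flags. The regular expression is an assumption fitted to the log format shown in the post.

```python
import re
from collections import Counter

# The four entries from the post above, with the extraction damage in the
# TCP options removed so they can be parsed offline.
SAMPLE = """\
Nov 5 16:46:33 pf: 000600 rule 170/0(match): block in on enc0: (tos 0x0, ttl 63, id 1768, offset 0, flags [DF], proto TCP (6), length 52) 192.168.1.22.5999 > 192.168.5.10.27617: F, cksum 0xb78c (correct), 0:0(0) ack 1 win 8326 <nop,nop,timestamp 1547352036 3034913895>
Nov 5 16:46:49 pf: 15. 411500 rule 170/0(match): block in on enc0: (tos 0x0, ttl 63, id 5672, offset 0, flags [DF], proto TCP (6), length 52) 192.168.1.22.5999 > 192.168.5.10.46198: F, cksum 0xaa84 (correct), 0:0(0) ack 1 win 8326 <nop,nop,timestamp 7024512 3035306115>
Nov 5 16:46:49 pf: 000396 rule 170/0(match): block in on enc0: (tos 0x0, ttl 63, id 1294, offset 0, flags [DF], proto TCP (6), length 52) 192.168.1.22.5999 > 192.168.5.10.63936: F, cksum 0x763f (correct), 0:0(0) ack 1 win 8326 <nop,nop,timestamp 1530954024 3035134735>
Nov 5 16:46:49 pf: 000564 rule 170/0(match): block in on enc0: (tos 0x0, ttl 63, id 57455, offset 0, flags [DF], proto TCP (6), length 52) 192.168.1.22.5999 > 192.168.5.10.27617: F, cksum 0x7ac4 (correct), 0:0(0) ack 1 win 8326 <nop,nop,timestamp 1547367596 3034913895>
"""

# Assumed pattern for the pf log format seen in the post (hypothetical helper).
LINE = re.compile(
    r"rule (?P<rule>\d+)/\d+\(match\): (?P<action>\w+) (?P<dir>in|out) "
    r"on (?P<iface>\S+): \(.*?proto (?P<proto>\w+) \(\d+\), length \d+\) "
    r"(?P<src>[\d.]+)\.(?P<sport>\d+) > (?P<dst>[\d.]+)\.(?P<dport>\d+): "
    r"(?P<flags>[SFRPWE.]+),"
)


def parse(line):
    """Return the fields of one pf log line as a dict, or None if it does not match."""
    m = LINE.search(line)
    return m.groupdict() if m else None


def summarize(text, iface="enc0"):
    """Count blocked packets on iface per (rule, source IP, source port, TCP flags)."""
    counts = Counter()
    for line in text.splitlines():
        rec = parse(line)
        if rec and rec["action"] == "block" and rec["iface"] == iface:
            counts[(rec["rule"], rec["src"], rec["sport"], rec["flags"])] += 1
    return counts


if __name__ == "__main__":
    for (rule, src, sport, flags), n in summarize(SAMPLE).items():
        print(f"rule {rule}: {n} blocked from {src}:{sport} flags={flags}")
```

On the quoted lines every drop is the same case: rule 170, inbound on enc0, a TCP packet with the FIN flag from 192.168.1.22 port 5999.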

        ISCGDave

        I am having a similar issue. I had 1.2.3 RC1 and an IPsec tunnel between 2 devices running just fine through the firewall. After upgrading to RC3 the tunnel connects but I cannot pass traffic. I am not seeing anything in the pfSense logs and unfortunately I had to move the devices outside the fw and cannot do any additional testing. :o

          ISCGDave

          I'd like to add that I am not running NAT

            covex

            I've seen this, but not after an upgrade. I exported the IPsec settings from one router, changed them a bit and imported them into another. Same versions of pfSense. It says the tunnel is established, ping goes OK but I can't ssh or ftp to the host.
            Fixed by re-entering all tunnels.

            Correction: ping doesn't go through, but it says the tunnel is established.

              Sylhouette

              Thanks Covex.
              I used to back up my configuration file, and restore it.
              Now I installed pfSense nanobsd and configured it by hand, just like the 1.2 version.
              Now it all works.

              Thanks again
