Netgate Discussion Forum
    ENC0 blocking when ipsec is open

    4 Posts 2 Posters 6.2k Views
    • nambi

      My Active Directory will not populate from my trusted domain through my IPsec tunnel.

      Each time I try to pull objects out of my remote domain, my pfSense logs show the following. My WatchGuard is on 192.168.2.2; my pfSense (70...48) = 192.168.1.2.

      Sep 14 19:35:02 NG0 206.111.140.12 70...48 ICMP
      Sep 14 19:35:02 NG0 206.111.140.12 70...48 ICMP
      Sep 14 19:35:01 NG0 206.111.140.12 70...48 ICMP
      Sep 14 19:34:47 WAN 192.168.1.50 224.0.0.1 IGMP
      Sep 14 19:33:46 WAN 192.168.1.50 224.0.0.1 IGMP
      Sep 14 19:32:46 WAN 192.168.1.50 224.0.0.1 IGMP
      Sep 14 19:32:00 ENC0 192.168.2.34:1041 192.168.1.103:161 UDP
      Sep 14 19:31:54 ENC0 192.168.2.34:1041 192.168.1.103:161 UDP
      Sep 14 19:31:48 ENC0 192.168.2.34:1041 192.168.1.103:161 UDP
      Sep 14 19:31:46 WAN 192.168.1.50 224.0.0.1 IGMP
      Sep 14 19:31:42 ENC0 192.168.2.34:1041 192.168.1.103:161 UDP
      Sep 14 19:31:30 ENC0 192.168.2.34:1041 192.168.1.103:161 UDP
      Sep 14 19:31:25 NG0 208.93.105.8 70...48 ICMP
      Sep 14 19:31:25 NG0 208.93.105.8 70...48 ICMP
      Sep 14 19:31:24 ENC0 192.168.2.34:1041 192.168.1.103:161 UDP
      Sep 14 19:31:24 NG0 208.93.105.8 70...48 ICMP
      Sep 14 19:31:18 ENC0 192.168.2.34:1041 192.168.1.103:161 UDP
      Sep 14 19:31:13 ENC0 192.168.2.2:1435 192.168.1.2:389 UDP
      Sep 14 19:31:12 ENC0 192.168.2.34:1041 192.168.1.103:161 UDP

      When I remove my pfSense box and hook up my WatchGuard I have no issues; the objects populate. Can someone please tell me how to create a rule to allow this to pass? I am stumped. I have been working on these rules for a long time and I just don't know what else to try.

      Any advice is greatly appreciated.

      Even when I set all to all, any to any, the logs are similar.

      • jimp (Rebel Alliance Developer, Netgate)

        Double check your rule on IPsec. Is it really an any/any rule, or is the protocol set for TCP instead of any?

        All of the blocks on enc0 are UDP, which makes me think that your rule on the IPsec interface is not set to allow UDP.

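        An added example, not part of this thread: a small Python parser for the filter-log format nambi pasted, grouping the blocked entries by interface and protocol so that jimp's observation (every ENC0 block is UDP, aimed at 161/snmp and 389/ldap) can be checked mechanically instead of by eye. The sample lines are constructed to match the quoted format, and the allowed-protocol set stands in for whatever the real IPsec rule permits.

```python
import re
from collections import Counter

# Constructed sample in the same shape as the lines quoted in the question:
# "<Mon> <day> <time> <iface> <src[:port]> <dst[:port]> <proto>".
SAMPLE_LOG = """\
Sep 14 19:35:02 NG0 206.111.140.12 70...48 ICMP
Sep 14 19:32:00 ENC0 192.168.2.34:1041 192.168.1.103:161 UDP
Sep 14 19:31:54 ENC0 192.168.2.34:1041 192.168.1.103:161 UDP
Sep 14 19:31:46 WAN 192.168.1.50 224.0.0.1 IGMP
Sep 14 19:31:13 ENC0 192.168.2.2:1435 192.168.1.2:389 UDP
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ [\d:]+) (?P<iface>\S+) (?P<src>\S+) (?P<dst>\S+) (?P<proto>\S+)$"
)


def split_endpoint(ep):
    """Split 'host:port' into (host, port); port is None for ICMP/IGMP entries."""
    host, sep, port = ep.rpartition(":")
    if sep and port.isdigit():
        return host, int(port)
    return ep, None


def parse_blocks(text):
    """Parse the pasted block log into dicts; lines that do not match are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        src, _ = split_endpoint(m["src"])
        dst, dport = split_endpoint(m["dst"])
        entries.append({"iface": m["iface"], "proto": m["proto"],
                        "src": src, "dst": dst, "dport": dport})
    return entries


def summarize(entries, iface):
    """Per-protocol block counts and the sorted destination ports seen on one interface."""
    on_iface = [e for e in entries if e["iface"] == iface]
    protos = Counter(e["proto"] for e in on_iface)
    ports = sorted({e["dport"] for e in on_iface if e["dport"] is not None})
    return dict(protos), ports


def missing_protocols(entries, iface, allowed):
    """Protocols being blocked on iface that the (assumed) rule set does not pass."""
    protos, _ = summarize(entries, iface)
    return sorted(p for p in protos if p not in allowed)
```

Running `missing_protocols(parse_blocks(SAMPLE_LOG), "ENC0", {"TCP"})` reports `['UDP']`, which is exactly the TCP-only-rule mistake jimp asks about.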
        • nambi

          Do I need to create any IPsec rules? Any computer that connects through IPsec I have authorized anyway; therefore I allow them full access to the system?

          Don't rules just start adding restrictions? So if I had no rules listed, would it be fully open for anyone connecting through IPsec?

          Or by default are the common ports blocked?

          Thanks

          • jimp (Rebel Alliance Developer, Netgate)

            Everything is blocked by default.

            If you want to allow access in across the tunnel, you need rules on the tunnel interface.

            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.