IPSec won't route to a different Gateway
-
I am trying to route my IPSec connections out a vpn pipe instead of WAN. It seems as though no matter what I do the traffic continues to go out the WAN. This worked fine on 2.0.3. I'm on today's build of 2.1 and here is my IPSec routing:
IPv4 * * * * * VPN_VPNV4 none
I believe this to be a bug in 2.1.
-
Try a new snapshot from today or tomorrow, I believe someone committed a fix that might be relevant last night. I think it was ignoring 0.0.0.0/0 in IPsec P2s.
-
I upgraded to this build: 2.1-RC0 (amd64) built on Tue Jun 4 08:40:43 EDT 2013
and continue to see the same behavior. I'll try again in a couple days.
-
I upgraded again and I think things are a little worse now.
The attachment shows the ipsec log with all kinds of interesting events: [ipsec log.txt](/public/imported_attachments/1/ipsec log.txt)
-
The latest updates have improved the crashing of ipsec for me, so we're back to the original problem. However, upon a closer look, the routing problem appears to be on the client side. The traffic is not routing through the vpn on the client.
-
I made an interesting discovery - I have 2 pfsense boxes - one is 2.0.3 and the other is 2.1. The ipsec servers are configured exactly the same, and I used the same client, just changed the server I was connecting to. I don't know much about these things, but something seems wrong here. 192.168.111.10 is the random address I give my ipsec vpn client.
Here are the routing tables from each:
2.1 and Broken:
IPv4 Route Table
Active Routes:
Network Destination   Netmask           Gateway        Interface        Metric
0.0.0.0               0.0.0.0           192.168.X.X    192.168.X.X92    110
0.0.0.0               0.0.0.0           On-link        192.168.111.10   31
<public ip .171>      255.255.255.255   192.168.X.X    192.168.X.X92    11
*Other irrelevant things*

2.0.3 and Working:
IPv4 Route Table
Active Routes:
Network Destination   Netmask           Gateway        Interface        Metric
0.0.0.0               0.0.0.0           192.168.X.X    192.168.X.X92    10
<public ip .216>      255.255.255.255   192.168.X.X    192.168.X.X92    11
*Other irrelevant things*
-
I tried everything I could think of but couldn't get traffic to flow through ipsec vpn.
My OpenVPN is hosed in 2.1 as well, I can't run a server and a client at the same time and these errors are thrown every minute:
MANAGEMENT: Client connected from /var/etc/openvpn/server1.sock
MANAGEMENT: CMD 'status 2'
MANAGEMENT: CMD 'quit'
write to TUN/TAP : Invalid argument (code=22)
I'd really like to see 2.1 ready for production but it seems quite rough at this point from a vpn perspective. How can I help to resolve all of these vpn issues?
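To compare the two client route tables posted earlier in the thread mechanically, here is an added Python example (not code from the thread, from pfSense, or from the client) that parses `route print`-style IPv4 rows and applies the host's selection rule, longest prefix match and then lowest metric, to report which interface a destination would leave through. The tables are transcribed from the post; the redacted 192.168.X.X addresses and the two public IPs are replaced with constructed placeholders from 192.168.1.0/24 and 203.0.113.0/24.

```python
import ipaddress
from typing import List, NamedTuple, Optional

class Route(NamedTuple):
    network: ipaddress.IPv4Network
    gateway: Optional[str]      # None when the table says "On-link"
    interface: str
    metric: int

def parse_routes(table: str) -> List[Route]:
    """Parse 'Destination Netmask Gateway Interface Metric' rows; other lines are skipped."""
    routes = []
    for line in table.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue                      # headers, blank lines, free text
        dest, mask, gw, iface, metric = parts
        try:
            net = ipaddress.IPv4Network((dest, mask), strict=False)
            routes.append(Route(net, None if gw == "On-link" else gw, iface, int(metric)))
        except ValueError:
            continue                      # redacted or garbled entry
    return routes

def select_route(routes: List[Route], dest: str) -> Optional[Route]:
    """Longest prefix match first, then lowest metric, as the host's stack does."""
    addr = ipaddress.IPv4Address(dest)
    candidates = [r for r in routes if addr in r.network]
    if not candidates:
        return None
    return min(candidates, key=lambda r: (-r.network.prefixlen, r.metric))

def egress_interface(table: str, dest: str) -> Optional[str]:
    """Interface a packet to dest would leave through, or None if unroutable."""
    route = select_route(parse_routes(table), dest)
    return route.interface if route else None

# Tables transcribed from the thread; 192.168.X.X and the public IPs are replaced
# with constructed placeholders (192.168.1.0/24 LAN, 203.0.113.0/24 public).
TABLE_21 = """\
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.92 110
0.0.0.0 0.0.0.0 On-link 192.168.111.10 31
203.0.113.171 255.255.255.255 192.168.1.1 192.168.1.92 11
"""
TABLE_203 = """\
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.92 10
203.0.113.216 255.255.255.255 192.168.1.1 192.168.1.92 11
"""
```

If the interface this predicts for an internet host differs from what a traceroute from the client actually shows, the fault lies outside the route table; if they agree, the route table itself is what to fix. The /32 host route for the VPN server's public IP is expected to stay on the LAN gateway in both tables, since the tunnel's own packets must not be routed into the tunnel.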