IPSEC tunnels display "connection established" but can not ping peer internal IP
-
So basically site to site IPsec is broke now correct? Has anyone got it to work yet?
-
I an unsure why it does not work for some people.
For me on first setup it works!
-
@ermal:
I an unsure why it does not work for some people.
For me on first setup it works!
Maybe it is related to the upgrade-procedure? Maybe the tunnel configs aren't transferred correctly when we upgrade from 2.1.5 to 2.2-beta?
-
@sgw:
Maybe it is related to the upgrade-procedure? Maybe the tunnel configs aren't transferred correctly when we upgrade from 2.1.5 to 2.2-beta?
No, I had a clean 2.2 install that was working well (road warrior config, shrewsoft client), then stopped working at some point with a new snapshot. I believe it stopped working after pfSense updated Strongswan from 5.1.x to 5.2.0, and/or FreeBSD 10.0 to 10.1 prerelease. Same symptoms as reported here: tunnel is established, but no traffic can pass.
@ermal:
I an unsure why it does not work for some people.
For me on first setup it works!
Site-to-site or mobile client? Can you post a config that works?
-
Next snapshot should fix the issue.
-
@ermal:
Next snapshot should fix the issue.
cool. Can you point us at the bug/commit solving this? I am interested in what the issue was? Thanks!
-
The issue was in some hashes had wrong size in the kernel due to some improvements done to ipsec.
That has been fixed now.
-
Thanks a lot! I upgraded to lastest snapshot . It's working now!
-
-
Kinda works for me, although the default gateway get's set to the IPSec connection. (OS X Mavericks)
Can't figure out why as I've only chosen the LAN subnet in phase2 and am running a similar config on 2.1.5 without problems.Anyone got the same problem?
-
although the default gateway get's set to the IPSec connection. (OS X Mavericks)
Can you show your IPSec config more detail? What do you mean "OS X Mavericks" here?