Netgate Discussion Forum

    IPsec tunnel problem with 2.1.5 and 2.2rc

      tracer

      Update:
      Just checked the 2.1.5 side and no packets go to the wrong Public IF of the 2.2.

        tracer

        Updated and still same tunnel problems ?

        2.2-RC (amd64)
        built on Fri Jan 16 11:53:08 CST 2015

        @Ermal: Do you think my NAT & Firewall Rules are ok on the WAN IF ?

          doktornotor Banned

          What NAT again? You've already been told you cannot NAT IPsec.

            tracer

            ::)
            Outbound NAT:
            Automatic Rules.

            And pls let me know where I was told to "not NAT IPsec" ?

              tracer

              And BTW I just captured packets on my WAN and could see ISAKMP (Main Mode) going back and forth between both pfSenses.

                doktornotor Banned

                @tracer:

                And pls let me know where I was told to "not NAT IPsec" ?

                https://forum.pfsense.org/index.php?topic=86590.msg475029#msg475029

                  tracer

                  @doktornotor: Checking my reply, I said I removed "any NAT rules", meaning the ones I manually created !
                  But as known, the "Automatic Outbound NAT rules" persist due to the mode !
                  So I'm pretty sure that if config is correctly interpreted by pfSense no manual rule should interfere.

                  But my Question was if any of the other inbound rules could interfere with VPN ?
                  Do you have an answer for this ?

                    cmb

                    The automatic outbound NAT rules won't hurt anything with IPsec.

                    For inbound, if you have a port forward on UDP 500 or ESP traffic, that'll break it also. If you have a 1:1 NAT using the public IP where it terminates, that'll forward the traffic to an internal host and break things as well.

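An added example (not part of the thread and not pfSense code) that applies the three conditions from the post above to a list of inbound NAT rules: a port forward on UDP 500, a forward of ESP, or a 1:1 NAT on the public IP where the tunnel terminates. The rule dictionaries are a constructed, simplified representation, not pfSense's configuration format, and the addresses are documentation-range placeholders.

```python
import ipaddress

IKE_PORT = 500  # UDP 500 (ISAKMP), the port named in the post above

# Constructed sample rules in a hypothetical format; "external" None = any address.
SAMPLE_RULES = [
    {"name": "web", "type": "port-forward", "proto": "tcp", "external": "203.0.113.10", "port": "443"},
    {"name": "old-vpn", "type": "port-forward", "proto": "udp", "external": "203.0.113.10", "port": "500"},
    {"name": "range", "type": "port-forward", "proto": "tcp/udp", "external": "203.0.113.10", "port": "400-600"},
    {"name": "esp-fwd", "type": "port-forward", "proto": "esp", "external": "203.0.113.10", "port": None},
    {"name": "mail-1to1", "type": "1:1", "external": "203.0.113.10"},
    {"name": "other-1to1", "type": "1:1", "external": "203.0.113.11"},
    {"name": "dns", "type": "port-forward", "proto": "udp", "external": "203.0.113.10", "port": "53"},
]

def covers_port(spec, port):
    """True if a port spec ('500', '400-600', or None for any) includes port."""
    if spec is None:
        return True
    lo, _, hi = str(spec).partition("-")
    return int(lo) <= port <= int(hi or lo)

def ipsec_nat_conflicts(rules, tunnel_ip):
    """Return (rule name, reason) for inbound NAT rules that would hand
    IPsec traffic for tunnel_ip to an internal host instead of the firewall."""
    endpoint = ipaddress.ip_address(tunnel_ip)
    findings = []
    for r in rules:
        ext = r.get("external")
        if ext is not None and endpoint not in ipaddress.ip_network(ext, strict=False):
            continue  # rule does not apply to the address the tunnel terminates on
        if r["type"] == "1:1":
            findings.append((r["name"], "1:1 NAT on the tunnel's public IP"))
        elif r["type"] == "port-forward":
            proto = r["proto"].lower()
            if proto == "esp":
                findings.append((r["name"], "port forward of ESP"))
            elif "udp" in proto.split("/") and covers_port(r.get("port"), IKE_PORT):
                findings.append((r["name"], "port forward covering UDP 500"))
    return findings

if __name__ == "__main__":
    for name, reason in ipsec_nat_conflicts(SAMPLE_RULES, "203.0.113.10"):
        print(f"{name}: {reason}")
```

The range rule is the case a search for the literal value 500 misses: a forward of ports 400-600 on TCP/UDP captures UDP 500 even though 500 never appears in the rule.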
                      tracer

                      Hmm, thanks, but I can't find any inbound NATs with 500.
                      Maybe we should look at it using our old support contract ?

                        cmb

                        @tracer:

                        Maybe we should look at it using our old support contract ?

                        Commercial support is definitely the best answer. Your support expired over 5 years ago though, if you purchase to activate support on your account again, we can definitely assist.

                          tracer

                          I'll pm you on this, ok ?
