Netgate Discussion Forum

Troubleshooting help

IPsec
3 Posts 2 Posters 864 Views
    Flurkmark
    last edited by May 29, 2016, 1:02 PM

    Hello.
    I have a box connecting to four other boxes (all pfsense, varying versions) with ipsec.
    The 'main' box running 2.3.1, the troublesome box also 2.3.1

    Remote box #4, I cannot get traffic to. Logging into the remote box on the WAN IP, I can ping stuff inside the main box network, using LAN as source. From the main box, I cannot ping anything on box #4's LAN network. The three other tunnels work just fine.

    Tunnel is up, nothing strange in logs, no weird routes messing things up.

    Any tips on how to go about finding the problem? Tried all I can think of: deleting tunnels and re-doing them, rebooting, etc.
    If it matters, #4 is the last one added.
    All remote boxes are on DHCP with DYNDNS.
    Main is 192.168.1.0/24
    #2 is 192.168.2.0/24
    #3 is 192.168.3.0/24
    #4 is 192.168.4.0/24
    #5 is 10.5.5.0/24

    Grateful for any tips on how to find the issue, which I am guessing is at the main box.

      sebyp
      last edited by May 29, 2016, 3:29 PM

      Hi,

      Presuming that the IPsec associations are up, I would start by doing a TCPDUMP on the IPsec encryption interface, named enc0. Here's a snippet below:

      tcpdump -i enc0 host A.B.C.D and icmp

      Where obviously A.B.C.D is either your source or destination address. Try this command on both fws (both main and remote #4), see what traffic comes via the interfaces.

      Have also a look at the Firewall => IPsec tab, maybe you're dropping traffic there.

      Just my 2c.

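The enc0 capture suggested in the reply above is most useful when you compare the two directions: do echo requests reach enc0, and do replies come back? The script below is an added example, not part of the original thread or of pfSense, that reads tcpdump text and prints a one-word verdict. It assumes the FreeBSD enc0 line format ("(authentic,confidential): SPI 0x...: IP a > b: ICMP echo request ...") and uses constructed capture lines with assumed hosts 192.168.1.10 (main LAN) and 192.168.4.10 (remote #4 LAN).

```shell
#!/bin/sh
# Added example, not from the forum thread. Classifies ICMP echo traffic seen
# on pfSense's IPsec interface, enc0, so a capture like the one in the post
# above can be read at a glance. Feed it the text output of
#   tcpdump -n -i enc0 host <remote-lan-host> and icmp
# The capture lines below are constructed for this example; the hosts
# 192.168.1.10 (main LAN) and 192.168.4.10 (remote #4 LAN) are assumed.

# Constructed capture: echo requests arrive on enc0, nothing comes back.
# This is what the remote box shows when its Firewall => IPsec rules drop
# the decrypted traffic (the cause the thread ended up with).
SAMPLE_ONE_WAY='12:00:01.000001 (authentic,confidential): SPI 0x0c1a2b3c: IP 192.168.1.10 > 192.168.4.10: ICMP echo request, id 4242, seq 1, length 64
12:00:02.000001 (authentic,confidential): SPI 0x0c1a2b3c: IP 192.168.1.10 > 192.168.4.10: ICMP echo request, id 4242, seq 2, length 64
12:00:03.000001 (authentic,confidential): SPI 0x0c1a2b3c: IP 192.168.1.10 > 192.168.4.10: ICMP echo request, id 4242, seq 3, length 64'

# Constructed capture of a healthy tunnel: request and reply for each probe.
SAMPLE_OK='12:00:01.000001 (authentic,confidential): SPI 0x0c1a2b3c: IP 192.168.1.10 > 192.168.4.10: ICMP echo request, id 4242, seq 1, length 64
12:00:01.000900 (authentic,confidential): SPI 0x0d1a2b3c: IP 192.168.4.10 > 192.168.1.10: ICMP echo reply, id 4242, seq 1, length 64'

# icmp_tunnel_verdict REMOTE_HOST < tcpdump-text
# Counts echo requests towards REMOTE_HOST and echo replies from it, then prints:
#   no-traffic  nothing hit enc0 at all: the packets never entered the tunnel,
#               so check the phase 2 selectors and routing first
#   one-way     requests cross enc0 but no replies return: the far side drops
#               or never answers them; the Firewall => IPsec rules are the
#               first place to look
#   ok          both directions seen on enc0
icmp_tunnel_verdict() {
    awk -v rhost="$1" '
        /ICMP echo request/ && index($0, "> " rhost ":")  { req++ }
        /ICMP echo reply/   && index($0, "IP " rhost " >") { rep++ }
        END {
            if (req + rep == 0) print "no-traffic"
            else if (rep == 0)  print "one-way"
            else                print "ok"
        }'
}

# Wrappers that run the verdict over the constructed samples.
verdict_one_way() { printf '%s\n' "$SAMPLE_ONE_WAY" | icmp_tunnel_verdict 192.168.4.10; }
verdict_ok()      { printf '%s\n' "$SAMPLE_OK"      | icmp_tunnel_verdict 192.168.4.10; }
verdict_empty()   { printf ''                        | icmp_tunnel_verdict 192.168.4.10; }

verdict_one_way   # prints: one-way
verdict_ok        # prints: ok
verdict_empty     # prints: no-traffic
```

Run the same check on both ends: "one-way" on the remote box with "one-way" on the main box means the requests are decrypted at the remote side and then silently dropped there, which points at the IPsec-tab firewall rules rather than at the tunnel itself.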
        Flurkmark
        last edited by May 29, 2016, 5:28 PM

        Doh! The ipsec firewall rule on remote. Fsck, forgot about that little gem. Thanks!
