Netgate Discussion Forum

    Help sending flows to an IPsec destination

      sipple31

      I have a branch office running a Netgate 7541.  Default route over IPsec back to HQ.  I want to capture flows and send them back to our Orion server at HQ.  I've tried both softflowd and pfflowd with the same results.  I do this at some of our other locations with an ASA 5505… so it shouldn't be impossible.

      Thanks!

        jimp Rebel Alliance Developer Netgate

        You'll have to nudge the firewall to send the flows from a source of the LAN IP or similar, usually with a static route.


          sipple31

          I tried a static route without success.  Will attach some screenshots.  The source ping works fine.

          Flow is below:

          172.20.10.254 |pfsense| public IP <ipsec> internet <ipsec> |Corporate ASA| 172.20.1.1 <> 172.20.1.68 (Netflow Receiver)

          sfd.jpg
          gw.jpg
          route.jpg

            sipple31

            Also tried setting the static route to 0.0.0.0/1 … flows still not making it.  I also did a pcap to confirm they are not making it.  I feel like I'm missing something simple...  :-\

            EDIT: BAH. Never mind. pfflowd works with the static route in place. I absolutely could not get softflowd to work over IPsec. I'm happy.
