Netgate Discussion Forum

    Problems with IPsec vpn between pfSense and Oracle Cloud Infrastructure

    Category: IPsec
    18 Posts 3 Posters 3.9k Views
    • RodrigoCBraga

      [Attached screenshots: LogPart1 to LogPart6, IPSEC, IPSEC RULES, NATOUTBOUND, RULES WAN, STATE FILTER, STATIC RULES]

      My setup.
      I hope you can help me.
      Thanks.

      • Derelict (LAYER 8, Netgate)

        Delete any static routes you added like that 10.72.0.0/16 to 192.168.1.1. That is not how IPsec works.

        Honestly, it looks like your IPsec is doing what you asked it to do. Need to find out why the host in the cloud (10.72.112.30) isn't responding or why your traffic isn't coming back. That's more of an Oracle question.

        Chattanooga, Tennessee, USA
        A comprehensive network diagram is worth 10,000 words and 15 conference calls.
        DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
        Do Not Chat For Help! NO_WAN_EGRESS(TM)

        • RodrigoCBraga

            I have a doubt.
            In pfSense, is it possible to do a configuration where phase 2 has the network 0.0.0.0/0 as local and remote?
            Attached, a screenshot with the configuration between a Palo Alto firewall and Oracle Cloud Infrastructure.
            [Attached screenshot: Palo Alto Phase 2]

            • RodrigoCBraga @Derelict

              @derelict
              Hello, can you still help me?

              • Derelict (LAYER 8, Netgate)

                Help how?

                • RodrigoCBraga @Derelict

                  @derelict said in Problems with IPsec vpn between pfSense and Oracle Cloud Infrastructure:

                  > Help how?

                  Yes.

                  I have a doubt.
                  In pfSense, is it possible to do a configuration where phase 2 has the network 0.0.0.0/0 as local and remote?
                  Attached, a screenshot with the configuration between a Palo Alto firewall and Oracle Cloud Infrastructure.
                  [Attached screenshot: Palo Alto Phase 2]

                  • Ernani @Derelict

                    @derelict

                    Hello, I would like to ask for your attention to verify the Oracle documentation and to comment that pfSense is compatible with and supports Oracle VPNaaS.
                    1 - Oracle documentation for a generic CPE:
                    https://docs.cloud.oracle.com/iaas/Content/Network/Reference/genericCPE.htm

                    Requirements for generic CPE devices are:

                    local=0.0.0.0/0
                    remote=0.0.0.0/0
                    service=any

                    Please let us know your thoughts about that.

                    Regards,
                    Ernani

                    • Derelict (LAYER 8, Netgate)

                      Personal opinion:

                      I think that is completely uncalled for.

                      On pfSense that will catch all traffic and send it over the tunnel unless extreme measures are taken to bypass it. And there is no way to bypass traffic from the firewall itself.

                      I cannot see how Oracle expects that to work for people.

                      Again, you should be able to create Phase 2 entries with your cloud subnet as remote and your local subnet(s) as local.

                      • Ernani @Derelict
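                      An added example, not from this thread, from pfSense or from Oracle, that shows the difference between the two selector styles discussed above: it audits IPsec Phase 2 entries for catch-all 0.0.0.0/0 selectors and reports which entries would claim a given flow. The XML layout is assumed to mirror pfSense config.xml <phase2> entries (verify against a real export); the sample config, the 192.168.1.0/24 LAN and the public addresses are constructed.

```python
"""Audit IPsec Phase 2 traffic selectors: a 0.0.0.0/0 <-> 0.0.0.0/0 pair claims
every flow (including the firewall's own traffic), while subnet-scoped selectors
only claim the intended site-to-site traffic."""
import ipaddress
import xml.etree.ElementTree as ET

# Constructed sample in pfSense config.xml style (assumed layout): one catch-all
# entry as Oracle's generic CPE document asks for, one subnet-scoped entry as
# recommended in the thread.
SAMPLE_CONFIG = """<pfsense><ipsec>
  <phase2><descr>oci-catch-all</descr><mode>tunnel</mode>
    <localid><type>network</type><address>0.0.0.0</address><netbits>0</netbits></localid>
    <remoteid><type>network</type><address>0.0.0.0</address><netbits>0</netbits></remoteid>
  </phase2>
  <phase2><descr>oci-scoped</descr><mode>tunnel</mode>
    <localid><type>network</type><address>192.168.1.0</address><netbits>24</netbits></localid>
    <remoteid><type>network</type><address>10.72.0.0</address><netbits>16</netbits></remoteid>
  </phase2>
</ipsec></pfsense>"""

def _net(elem):
    """Turn a <localid>/<remoteid> element into an ip_network."""
    if elem.findtext("type") == "address":          # single host selector
        return ipaddress.ip_network(elem.findtext("address") + "/32")
    return ipaddress.ip_network(f"{elem.findtext('address')}/{elem.findtext('netbits')}")

def load_phase2(xml_text):
    """Return [(descr, local_net, remote_net)] for every tunnel-mode Phase 2 entry."""
    root = ET.fromstring(xml_text)
    return [(p.findtext("descr"), _net(p.find("localid")), _net(p.find("remoteid")))
            for p in root.iter("phase2") if p.findtext("mode") == "tunnel"]

def catch_all_entries(entries):
    """Names of entries whose selector covers all of IPv4 on either side."""
    return [d for d, l, r in entries if l.prefixlen == 0 or r.prefixlen == 0]

def matching_entries(entries, src, dst):
    """Names of Phase 2 selectors that would claim a src->dst flow."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    return [descr for descr, l, r in entries if s in l and d in r]

if __name__ == "__main__":
    entries = load_phase2(SAMPLE_CONFIG)
    print("catch-all entries:", catch_all_entries(entries))
    print("LAN -> OCI host:", matching_entries(entries, "192.168.1.10", "10.72.112.30"))
    # Constructed public addresses: the firewall's own traffic to the Internet.
    print("firewall -> Internet:", matching_entries(entries, "203.0.113.5", "198.51.100.7"))
```

The last line is the point Derelict makes: only the catch-all entry claims the firewall's own Internet-bound traffic, so with that selector nothing leaves except through the tunnel.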

                        @derelict

                        I agree with you, since I have configured other tunnels with different suppliers to Oracle without using that requirement, but I saw some intermittencies.

                        Thank you,
                        Ernani

                        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.