Netgate Discussion Forum
    Troubleshooting help

    IPsec
    Flurkmark

      Hello.
      I have a box connecting to four other boxes (all pfSense, varying versions) with IPsec.
      The 'main' box is running 2.3.1, the troublesome box also 2.3.1.

      Remote box #4, I cannot get traffic to. Logging into the remote box on the WAN IP, I can ping stuff inside the main box network, using LAN as source. From the main box, I cannot ping anything on the box #4 LAN network. The three other tunnels work just fine.

      Tunnel is up, nothing strange in logs, no weird routes messing up.

      Any tips on how to go about finding the problem? Tried all I can think of, deleting tunnels and re-doing them, rebooting etc.
      If it matters, #4 is the last one added.
      All remote boxes are on DHCP with DYNDNS.
      Main is 192.168.1.0/24
      #2 is 192.168.2.0/24
      #3 is 192.168.3.0/24
      #4 is 192.168.4.0/24
      #5 is 10.5.5.0/24

      Grateful for any tips on how to find the issue, which I am guessing is at the main box.

      sebyp

        Hi,

        Presuming that the IPsec associations are up, I would start by doing a tcpdump on the IPsec encryption interface, named enc0. Here's a snippet below:

        tcpdump -i enc0 host A.B.C.D and icmp

        Where obviously A.B.C.D is either your source or destination address. Try this command on both fws (both main and remote #4), see what traffic comes via the interfaces.

        Have also a look at the Firewall => IPsec tab, maybe you're dropping traffic there.

        Just my 2c.

          Flurkmark
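        One way to script the second check sebyp describes (whether pf actually has a pass rule on the IPsec interface for the far side's subnet), as an added example that is not from this thread or from Netgate. The two rulesets are constructed approximations of `pfctl -sr` output on remote box #4, and the exact rule wording is an assumption.

```shell
#!/bin/sh
# Added example, not from the thread: check a pf ruleset for a pass rule on the
# IPsec interface (enc0) that admits a given remote subnet. That rule is what the
# "Firewall > Rules > IPsec" tab creates, and it is what was missing on remote #4.
# Both rulesets below are constructed approximations of `pfctl -sr` output on
# remote box #4 (LAN 192.168.4.0/24 on em0, tunnel to the main site 192.168.1.0/24).

# Constructed: no IPsec-tab rule, so the tunnel is up but packets arriving over
# enc0 from the main site fall through to the default deny.
RULES_BROKEN='block drop in log all label "Default deny rule IPv4"
pass in quick on em0 inet from 192.168.4.0/24 to any flags S/SA keep state label "USER_RULE: Default allow LAN to any rule"
pass out quick on em1 inet from any to any flags S/SA keep state'

# Constructed: the same ruleset after adding a pass rule on the IPsec tab.
RULES_FIXED="$RULES_BROKEN
pass in quick on enc0 inet from 192.168.1.0/24 to 192.168.4.0/24 flags S/SA keep state label \"USER_RULE: allow main site over IPsec\""

# ipsec_rule_present RULES IFACE SUBNET
# Prints every pass rule on IFACE whose source is SUBNET or "any" and returns 0;
# returns 1 (grep's no-match status) when there is none.
ipsec_rule_present() {
    rules=$1; iface=$2
    # Escape the dots so the subnet is matched literally in the ERE.
    subnet=$(printf '%s' "$3" | sed 's/\./\\./g')
    printf '%s\n' "$rules" \
        | grep -E "^pass in( quick)? on $iface " \
        | grep -E " from ($subnet|any) "
}

# check_tunnel_rules RULES SUBNET: report the enc0 result for SUBNET (0 = ok).
check_tunnel_rules() {
    if ipsec_rule_present "$1" enc0 "$2" >/dev/null; then
        echo "OK: enc0 passes traffic from $2"
    else
        echo "MISSING: no pass rule on enc0 for $2; add one under Firewall > Rules > IPsec"
        return 1
    fi
}

echo "--- before the fix ---"
check_tunnel_rules "$RULES_BROKEN" 192.168.1.0/24 || true   # reports MISSING
echo "--- after the fix ---"
check_tunnel_rules "$RULES_FIXED" 192.168.1.0/24            # reports OK
# On a pfSense box the same check runs against the live ruleset:
#   check_tunnel_rules "$(pfctl -sr)" 192.168.1.0/24
```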

          Doh! The ipsec firewall rule on remote. Fsck, forgot about that little gem. Thanks!

          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.