IPSEC Net2Net Aggressive not working after reboot
I have difficulties with pfSense 2.3.1-p5 and an N2N-aggressive VPN.
The VPN is working nicely, but if I restart the pfSense and ping an IP behind the VPN, the ping won't be rerouted through the VPN after the box is up again and has connected its VPN.
The LAN IF of the box always responds: Destination host not reachable.
If I pause the ping for at least 1 minute and re-ping the target, the destination host is reachable.
But it won't work if I wait less than 1 minute.
Do you have any suggestions on this topic?
Probably because it's getting a state leaving WAN before the VPN is up. Waiting allows the state to clear.
Add a floating rule to REJECT outbound on WAN for any destination matching your remote VPN subnet(s). That will stop the leakage.
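To confirm the diagnosis in the reply above, or to check that the floating rule has stopped the leak, one option is to scan the firewall's state table for outbound WAN states whose destination is a remote VPN subnet. This is an added example, not part of the original thread; the interface name `em0`, the subnet `10.20.0.0/24` and the sample state lines are constructed assumptions, and only IPv4 states are handled.

```python
import ipaddress

# Assumptions (not from the thread): WAN interface name and remote VPN subnet.
WAN_IF = "em0"
REMOTE_VPN_NETS = [ipaddress.ip_network("10.20.0.0/24")]

# Constructed sample lines in the general shape of `pfctl -ss` output.
SAMPLE_STATES = """\
em1 icmp 10.20.0.5:41234 <- 192.168.1.50:41234       0:0
em0 icmp 203.0.113.10:18211 (192.168.1.50:41234) -> 10.20.0.5:18211       0:0
em0 tcp 203.0.113.10:50112 (192.168.1.50:50112) -> 198.51.100.7:443       ESTABLISHED:ESTABLISHED
enc0 tcp 192.168.1.50:50200 -> 10.20.0.9:22       ESTABLISHED:ESTABLISHED
"""


def leaked_states(pfctl_output, wan_if=WAN_IF, vpn_nets=REMOTE_VPN_NETS):
    """Return (source, destination) pairs for outbound states on the WAN
    interface whose destination lies inside a remote VPN subnet."""
    leaks = []
    for line in pfctl_output.splitlines():
        fields = line.split()
        # Only outbound ("->") states bound to the WAN interface matter here.
        if len(fields) < 5 or fields[0] != wan_if or "->" not in fields:
            continue
        arrow = fields.index("->")
        if arrow + 1 >= len(fields):
            continue
        dst_host = fields[arrow + 1].rsplit(":", 1)[0]  # drop port / ICMP id
        try:
            dst = ipaddress.ip_address(dst_host)
        except ValueError:
            continue  # IPv6 bracket notation or an unexpected token
        if any(dst in net for net in vpn_nets):
            # With outbound NAT the original LAN source is in parentheses.
            src = fields[arrow - 1].strip("()")
            leaks.append((src, str(dst)))
    return leaks


if __name__ == "__main__":
    for src, dst in leaked_states(SAMPLE_STATES):
        print(f"leak on {WAN_IF}: {src} -> {dst} (should be inside the tunnel)")
```

Run it against saved output of `pfctl -ss` taken right after a reboot; an empty result with the floating rule in place means no VPN-bound traffic created a state on WAN.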