IPSEC Net2Net Aggressive not working after reboot

  • Hi Guys,

    I have difficulties with pfSense 2.3.1-p5 and an N2N-aggressive VPN.

    The VPN is working nicely, but if I restart the pfSense and ping an IP behind the VPN, the ping won't be rerouted through the VPN after the box is up again and has connected its VPN.
    The LAN IF of the box always responds: Destination host not reachable.
    If I pause the ping for at least 1 minute and re-ping the target, the destination host is reachable.
    But it won't work if I wait less than 1 minute.

    Do you have some suggestions on this topic?


  • Rebel Alliance Developer Netgate

    Probably because it's getting a state leaving WAN before the VPN is up. Waiting allows the state to clear.

    Add a floating rule to REJECT outbound on WAN for any destination matching your remote VPN subnet(s). That will stop the leakage.
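    The floating rule from the reply above, written out in pf syntax as pfSense renders it in /tmp/rules.debug; this is an added illustration, not a rule taken from the thread, and the WAN interface name (em0) and remote VPN subnet (192.168.20.0/24) are assumed placeholders.

    ```pf
    # Floating tab: Action "Reject", Quick checked, Interface WAN, Direction "out",
    # Destination = remote IPsec subnet. Assumed values: WAN = em0, remote = 192.168.20.0/24.
    #
    # "block return" answers with TCP RST / ICMP unreachable instead of silently dropping,
    # so the LAN host fails immediately and, more importantly, no WAN-bound state is created
    # while the tunnel is still coming up after a reboot. Once the SA is established, traffic
    # to the remote subnet is encapsulated by IPsec and leaves WAN as ESP, so this rule does
    # not interfere with the working tunnel.
    block return out quick on em0 inet from any to 192.168.20.0/24 label "Reject VPN traffic leaking out WAN"

    # Verification after adding the rule (Diagnostics > Command Prompt, or an SSH shell):
    #   pfctl -ss | grep 192.168.20.      # should show no states for the remote subnet on WAN
    # Existing leaked states are not removed by a new rule; clear them under Diagnostics > States
    # (or wait for them to time out, which is the ~1 minute delay described in the question).
    ```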