Where are my packets?

  • Hello,

    I'm having a problem with an IPSec tunnel.

    I have two WAN cards and I want to set up tunnels on the 2nd WAN card (it is working properly on the first, but the 2nd card has more bp).

    When I configure IPSec on the 2nd card it doesn't work at all.

    So I ran a couple of tests and it seems packets are dropped between tcpdump and the wire. Explanation:

    I have a computer between the 2nd WAN card and the router which is running Wireshark with the port mirrored and promiscuous, so it receives all packets.

    In the tcpdump I can see some ISAKMP packets going out, but the computer with Wireshark never saw them. HOW?

    In the other direction, the computer with Wireshark sees ISAKMP from the remote router, but the tcpdump on the pfSense doesn't show them.

    Any idea? Is pfSense blocking connections from the 2nd WAN card on purpose? It seems that the 2nd card is discarding packets with source port 500. Is there a way to check those dropped packets anywhere?

  • To give you an example:

    I send some packets from a remote site to my site; here is the output of the Wireshark between the router and the local router:

    Four packets with port 500 as source (to simulate ISAKMP 500 <> 500) and four different destination points (to show you the problem)

    Here is the tcpdump of the pfSense:

    Why isn't the packet with source port 500 and destination port 500 shown in the tcpdump?
