Where are my packets?
-
Hello,
I'm having a problem with an IPSec tunnel.
I have two WAN cards and I want to set up tunnels on the 2nd WAN card (it is working properly on the first, but the 2nd card has more bandwidth).
When I configure IPSec on the 2nd card it doesn't work at all.
So I ran a couple of tests and it seems packets are dropped between tcpdump and the wire. Explanation:
I have a computer between the 2nd WAN card and the router which is running Wireshark, with the port mirrored and in promiscuous mode, so it receives all packets.
In the tcpdump I can see some ISAKMP packets going out, but the computer with Wireshark never sees them. How?
In the other direction, the computer with Wireshark sees ISAKMP from the remote router, but the tcpdump on the pfSense doesn't show them.
Any ideas? Is pfSense blocking connections from the 2nd WAN card on purpose? It seems that the 2nd card is discarding packets with source port 500. Is there a way to check those dropped packets anywhere?
-
To give you an example:
I sent some packets from a remote site to my site; here is the Wireshark output between the router and the local router:
Four packets with port 500 as source (to simulate ISAKMP 500 <> 500) and four different destination points (to show you the problem)
Here is the tcpdump from the pfSense:
Why isn't the packet with source port 500 and destination port 500 shown in the tcpdump?