Netgate Discussion Forum

    Full Duplex breaks IPSec?

    • icnivad

      Hi,
      I've got a strange problem; hopefully somebody can help.

      We have a pfSense in the office and one pfSense as endpoint in a test lab, connected through IPsec. This worked as expected.
      We also access the test lab through a PPTP tunnel, which also works great, but I noticed slow throughput. On a deeper look I found that the WAN port is not set to full duplex.

      I changed this with:
      ifconfig fxp0 139.25.252.100 media 100BaseTX mediaopt full-duplex
      (I have no control over the switch)

      PPTP throughput is now fine, but I don't get a connection with IPsec any longer…
      After a reboot of the FW > WAN port is no longer full-duplex > IPsec works again

      Could somebody help me out where to have a look?

      Regards Tom

      • icnivad

        Sorry to ask again,
        has nobody an idea where to begin to troubleshoot? I am not very experienced with IPsec, but I don't get why duplex/full duplex makes a difference…

        Like I said before: the config works when one side is 100baseTX full-duplex and the other one 100baseTX

        and if I change both to 100baseTX full-duplex it's not working.

        As far as I can see from the logs, it seems that the tunnel is established, but I can't get a ping/traffic through...

        Regards
        Thomas

        • cmb

          Most likely because by forcing full duplex you're creating a duplex mismatch, which will cause all kinds of problems.

          • icnivad

            Hi,

            Thanks for your reply.
            The only thing which breaks is IPsec… Normal access through NAT or the PPTP tunnel is working with good data throughput...

            If I had a duplex mismatch, I would suspect nothing is working...

            • karamanr

              Most hardware nowadays will continue to work even with a duplex mismatch. What errors do you get in the IPsec logs?

              • icnivad

                Just an update, I solved my problem…

                The IPsec log files were OK: no errors, connected but no traffic.

                The problem was that the one site was configured for DHCP, not static...
