Netgate Discussion Forum

    [SOLVED] IPSec problem

    2.4 Development Snapshots
    Hugovsky

      I'm having some problems with IPSec in 2.4. With a clean install, I've manually created one site-to-site tunnel that was working previously with 2.3.3. I can establish communication but can't ping, and no traffic with old firewall rules. The only way I can ping the remote is if I put the "all to all" generic rule on the IPSec interface. But if I do that, I get strange IPs and protocols in states. I can't understand what's happening.

      I've tried with the latest (today) beta. Hardware is A1SRi-2558 with 16GB connected through fiber. No PPPoE.

      [Attachment: states.jpg]

        sgw

        Same issue as https://forum.pfsense.org/index.php?topic=123892.0 ?

          Hugovsky

          Not really. Although I have "route: writing to routing socket: Invalid argument", that is something else, and it disappears when I disable one of my IPSec tunnels (net2net).

          But this is different. My problem is those IPs that are showing. Where are they coming from? Why can't I ping the remote when with 2.3.3 I can?

            Hugovsky

            After further investigation, it seems to be this issue:

            https://forum.pfsense.org/index.php?topic=117827.0

            and

            https://redmine.pfsense.org/issues/6937
            https://redmine.pfsense.org/issues/7015

            EDIT: those IPs only show up when the IPSec VPN on the remote is from behind NAT.

              sgw

              I don't use mobile IPSEC and my WAN is not behind (my) NAT … afaik. ???

              I don't mind running 2.4 so far. I am happy with 2.3.3 on my APU, but the Netgate SG-1000 came with 2.4 beta ...

                Hugovsky

                I'm reverting back to 2.3.3 until IPSec is usable. ZFS and FreeBSD 11 would be nice to have though. But I can wait. No problem.

                  sgw

                  I can also wait. I just want to avoid the hassle of reinstalling on the SG-1000 as long as I can.
                  My plan: plug in and upgrade the SG-1000 every few days and see if patches roll in ;)

                  The latest update does not fix the issue. I also rechecked that floating "sloppy" rule; it does not work for me.

                    sgw

                    @Hugovsky:

                    https://redmine.pfsense.org/issues/6937
                    https://redmine.pfsense.org/issues/7015

                    Both bugs were fixed by the devs. I installed today's update and IPSEC now works for me on 2.4beta with the SG-1000.
                    I also removed that sloppy firewall rule, btw.

                      Hugovsky

                      Awesome. Thanks for the report.

                        Hugovsky

                        My problems are gone with the latest snapshot. Thanks PFSENSE Team!

                          sgw

                          @Hugovsky:

                          My problems are gone with the latest snapshot. Thanks PFSENSE Team!

                          Thanks from me as well ;)

                          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.