IPsec blocks some return traffic



  • Hi

    We have configured a site-to-site VPN that uses HTTPS and certificate exchange and we have the following problem.

    VPN 1.1.1.1 (ip public via the alias) -> 2.2.2.0/28 [internal network] -> NAT IPSEC 3.3.3.16/28 -> 4.4.4.128/28 remote network.

    If I try from all except one server, it works, but the return traffic does not. The server that has the 2.2.2.5 address does not work, while if I try from 2.2.2.6 it works. Now the strangest thing is that if I swap the IP and MAC addresses between the two servers, the same happens: it does not work. The thing we do not understand is that we have tried with both Linux and Windows 2012/2016 and the situation is always the same.

    pfSense is installed on Hyper-V and the machines are either on the same host or on different hosts.

    Looking at the firewall logs I see

    Action Time Interface Source Destination Protocol
    Jul 26 16:43:43 IPsec 4.4.4.129 3.3.3.21 TCP:
    Jul 26 16:43:43 IPsec 4.4.4.129:443 3.3.3.21:61974 TCP: A

    I tried every option in the rules but it did not work.

    The strange thing is that if I try to do the EasyRule Add it tells me the port is empty (the first IPsec rule is configured as the first rule with any to any … but no luck). The traffic is blocked by block 1000000103.

    Any idea what it might be?
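    As an added illustration (not the poster's own code or configuration), the check below reads log lines in the same column layout as the table above, with an explicit action column, and flags blocked TCP packets that carry ACK but not SYN on the IPsec interface. Those are replies for which the firewall found no state, which is the pattern of return traffic being dropped by the default block rule. The log lines and addresses are constructed for the example; the layout is the simplified GUI view, not the raw filterlog format.

```python
import re
from collections import Counter

# Constructed sample in the layout of the post's log table, with an action column:
# Action Time Interface Source Destination Protocol[: flags]
SAMPLE_LOG = """\
pass Jul 26 16:43:42 LAN 2.2.2.5:61974 4.4.4.129:443 TCP: S
block Jul 26 16:43:43 IPsec 4.4.4.129:443 3.3.3.21:61974 TCP: A
block Jul 26 16:43:43 IPsec 4.4.4.129 3.3.3.21 TCP:
pass Jul 26 16:43:44 LAN 2.2.2.6:52010 4.4.4.129:443 TCP: S
pass Jul 26 16:43:44 IPsec 4.4.4.129:443 3.3.3.22:52010 TCP: SA
"""

LINE_RE = re.compile(
    r"^(?P<action>pass|block)\s+(?P<time>\w{3} \d{1,2} \d\d:\d\d:\d\d)\s+"
    r"(?P<iface>\S+)\s+(?P<src>\S+)\s+(?P<dst>\S+)\s+(?P<proto>\w+):\s*(?P<flags>\w*)$"
)


def parse_line(line):
    """Return a dict for one log line, or None if the line does not match.
    A line such as '... TCP:' with no flags (as in the post) yields flags == ''."""
    m = LINE_RE.match(line.strip())
    return m.groupdict() if m else None


def is_out_of_state_reply(rec):
    """A blocked TCP packet with ACK set and SYN clear never opened a state:
    the firewall treated it as a stray reply to a request it did not track."""
    flags = rec["flags"]
    return (rec["action"] == "block" and rec["proto"] == "TCP"
            and "A" in flags and "S" not in flags)


def find_out_of_state(log_text):
    """List (interface, source, destination) for every stray-reply block."""
    hits = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec and is_out_of_state_reply(rec):
            hits.append((rec["iface"], rec["src"], rec["dst"]))
    return hits


def affected_clients(log_text):
    """Count stray-reply blocks per destination host (the NATed client address),
    so the one client that never gets its replies stands out."""
    return Counter(dst.rsplit(":", 1)[0] for _, _, dst in find_out_of_state(log_text))


if __name__ == "__main__":
    for hit in find_out_of_state(SAMPLE_LOG):
        print("stray reply blocked:", hit)
    print(affected_clients(SAMPLE_LOG))
```

    Comparing the blocked reply's destination with the pass entry for the matching request (2.2.2.5:61974 on LAN versus 3.3.3.21:61974 on IPsec here) shows whether the request and its reply are being matched against the same state.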



  • After some analysis I see that in one client the handshake uses TLSv1.2, while all the others use SSL. I checked all the settings, but the Windows machines are quite similar…