IPsec blocks some return traffic
We have configured a site-to-site VPN that uses HTTPS and certificate exchange, and we have the following problem.
VPN 126.96.36.199 (public IP via the alias) -> 188.8.131.52/28 [internal network] -> NAT IPsec 184.108.40.206/28 -> 220.127.116.11/28 remote network.
If I try from all except one server, it does not work: the return traffic does not come back. The server with the address 18.104.22.168 does not work, while if I try from 22.214.171.124 it works. Now the strangest thing is that if I swap the IP and MAC addresses between the two servers, it still does not work, the same as before. The thing we do not understand is that we have tried with both Linux and Windows 2012/2016, and the situation is always the same.
pfSense is installed on Hyper-V, and the machines are either on the same host or on different hosts.
Looking at the firewall logs I see:
Action Time Interface Source Destination Protocol
Jul 26 16:43:43 IPsec 126.96.36.199 188.8.131.52 TCP:
Jul 26 16:43:43 IPsec 184.108.40.206:443 220.127.116.11:61974 TCP: A
I tried everything in the rules, but it did not work.
The strange thing is that if I try to do an EasyRule Add, it tells me the port is empty (the first IPsec rule is configured as the first rule with any to any …), but nothing helps. The traffic is blocked by rule 1000000103.
Any idea what it might be?
After some analysis I see that on one client the handshake uses TLSv1.2, while on all the others it uses SSL. I checked all the settings, but the Windows machines are quite similar…