Netgate Discussion Forum

    Phase 2 - Traffic Selector using LAN network for Other network

    IPsec
      neodolphin

      Hello everyone,

      So I've configured my IPsec tunnel; Phase 1 is no problem, but Phase 2 fails on the traffic selector, where the traffic selector is using the local network for the other network…

      Logs (in reverse):

      
      Jan 7 00:30:25 	charon 		07[IKE] <bypasslan|3190>traffic selectors 10.24.0.0/22|/0 === 10.25.0.0/22|/0 inacceptable
      Jan 7 00:30:25 	charon 		07[CFG] <bypasslan|3190>10.24.0.0/22|/0
      Jan 7 00:30:25 	charon 		07[CFG] <bypasslan|3190>proposing traffic selectors for other:
      Jan 7 00:30:25 	charon 		07[CFG] <bypasslan|3190>10.24.0.0/22|/0
      Jan 7 00:30:25 	charon 		07[CFG] <bypasslan|3190>proposing traffic selectors for us:
      Jan 7 00:30:25 	charon 		07[CFG] <bypasslan|3190>looking for a child config for 10.24.0.0/22|/0 === 10.25.0.0/22|/0
      

      Both ends are pfSense 2.4.2-RELEASE-p1; one of them is directly on the internet, the other one is behind a NAT.
      Phase 1 is done with Mutual-RSA, Auto-exclude LAN address is On.

      I've attached the screenshot of both confs from SSH.

      Cheers
      ![07-01-2018 00-50-52.png](/public/imported_attachments/1/07-01-2018 00-50-52.png)
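
A log check for the situation in the post above, as an added example that is not part of the original post and not pfSense or strongSwan code: it reads the posted charon lines and reports, per child-config lookup, which connection name charon logged, whether the requested pair is covered by the proposed selectors, and whether the same network is proposed for both sides. Assumptions: the left side of `===` is the local selector (consistent with the post's description), the `|/0` suffix is ignored, and the names `analyse`, `net` and `inside` are illustrative.

```python
import re
from ipaddress import ip_network

# charon lines from the post above (newest first, as posted; whitespace normalised).
POSTED_LOG = """\
Jan 7 00:30:25 charon 07[IKE] <bypasslan|3190>traffic selectors 10.24.0.0/22|/0 === 10.25.0.0/22|/0 inacceptable
Jan 7 00:30:25 charon 07[CFG] <bypasslan|3190>10.24.0.0/22|/0
Jan 7 00:30:25 charon 07[CFG] <bypasslan|3190>proposing traffic selectors for other:
Jan 7 00:30:25 charon 07[CFG] <bypasslan|3190>10.24.0.0/22|/0
Jan 7 00:30:25 charon 07[CFG] <bypasslan|3190>proposing traffic selectors for us:
Jan 7 00:30:25 charon 07[CFG] <bypasslan|3190>looking for a child config for 10.24.0.0/22|/0 === 10.25.0.0/22|/0
"""
LINE = re.compile(r"\[(?:IKE|CFG)\]\s*<([^|>]+)\|\d+>\s*(.*)")
SEL = re.compile(r"^[0-9a-fA-F:.]+/\d+(\|\S*)?$")   # a bare selector line
LOOKUP = "looking for a child config for "

def net(text):
    return ip_network(text.split("|")[0].strip())  # assumption: "|/0" suffix ignored

def inside(wanted, offered):
    return any(o.version == wanted.version and wanted.subnet_of(o) for o in offered)

def analyse(log_text, newest_first=True):
    lines = log_text.strip().splitlines()
    if newest_first:
        lines.reverse()                      # put events in chronological order
    results, cur, side = [], None, None
    for raw in lines:
        m = LINE.search(raw)
        if not m:
            continue
        conn, msg = m.group(1), m.group(2).strip()
        if msg.startswith(LOOKUP):           # start of one child-config lookup
            local, remote = (net(p) for p in msg[len(LOOKUP):].split(" === "))
            cur, side = {"conn": conn, "requested": (local, remote),
                         "us": [], "other": [], "rejected": False}, None
            results.append(cur)
        elif cur is None:
            continue
        elif msg.startswith("proposing traffic selectors for "):
            side = msg.rsplit(" ", 1)[1].rstrip(":")   # "us" or "other"
        elif msg.startswith("traffic selectors ") and msg.endswith("acceptable"):
            cur["rejected"], side = True, None
        elif side in ("us", "other") and SEL.match(msg):
            cur[side].append(net(msg))
    for r in results:
        local, remote = r["requested"]
        r["covered"] = inside(local, r["us"]) and inside(remote, r["other"])
        r["mirrored"] = bool(r["us"]) and set(r["us"]) == set(r["other"])
    return results
```

On the posted lines this yields one lookup logged under `bypasslan`, rejected, with `covered` false and `mirrored` true: 10.24.0.0/22 is proposed for both "us" and "other", so the requested remote 10.25.0.0/22 cannot fit.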
