Phase 2 - Traffic Selector using LAN network for Other network



  • Hello everyone,

    So I've configured my IPSec tunnel; phase 1 is no problem, but phase 2 fails on the traffic selector, where the traffic selector is using the local network for the other network…

    Logs (in reverse):

    
    Jan 7 00:30:25 	charon 		07[IKE] <bypasslan|3190>traffic selectors 10.24.0.0/22|/0 === 10.25.0.0/22|/0 inacceptable
    Jan 7 00:30:25 	charon 		07[CFG] <bypasslan|3190>10.24.0.0/22|/0
    Jan 7 00:30:25 	charon 		07[CFG] <bypasslan|3190>proposing traffic selectors for other:
    Jan 7 00:30:25 	charon 		07[CFG] <bypasslan|3190>10.24.0.0/22|/0
    Jan 7 00:30:25 	charon 		07[CFG] <bypasslan|3190>proposing traffic selectors for us:
    Jan 7 00:30:25 	charon 		07[CFG] <bypasslan|3190>looking for a child config for 10.24.0.0/22|/0 === 10.25.0.0/22|/0
    

    Both ends are pfSense 2.4.2-RELEASE-p1; one of them is directly on the internet, the other one is behind a NAT.
    Phase 1 is done with Mutual-RSA, Auto-exclude LAN address is On.

    I've attached the screenshot of both configs from SSH.

    Cheers
    ![07-01-2018 00-50-52.png](/public/imported_attachments/1/07-01-2018 00-50-52.png)