Netgate Discussion Forum

Disable Scrubbing on IPSEC interface only

  • L
    lst_hoe
    last edited by Mar 7, 2018, 4:57 PM

    We face a problem with fragmented UDP which should pass an otherwise working IPSEC tunnel between pfSense 2.4.2 and Windows 10 clients. A capture at the pfSense on the IPSEC interface shows that the UDP fragments get reassembled and then passed down the IPSEC tunnel. My idea is that Windows 10 does not pass the oversized UDP packet to the application after decryption.
    If we disable scrubbing under System -> Advanced -> Firewall & NAT, the UDP fragments were not reassembled and passed as intended to the application on the Windows 10 client.
    Unfortunately, with this configuration fragmented UDP packets from IKEv2 connections do not pass the WAN interface NAT/firewall anymore, and so new IPSEC tunnels will fail :-(
    So we would like to disable scrubbing only on the IPSEC interface, where it is not necessary anyway, no?

    Thanks

    Andreas

    • L
      lst_hoe
      last edited by Mar 14, 2018, 1:21 PM

      Looks like others are affected too: https://redmine.pfsense.org/issues/7801

      Any chance to get fragmented UDP across IPSEC Tunnels with pfSense??
