4. Disable Scrubbing on IPSEC interface only

Disable Scrubbing on IPSEC interface only

  • L

    We face a problem where fragmented UDP which should pass a otherwise working IPSEC tunnel between pfSense 2.4.2 and Windows 10 Clients. A capture at the pfSense on the IPSEC interface shows that the UDP fragments get reassembled and than passed down the IPSEC tunnel. My idea is that Windows 10 does not pass the oversized UDP packet to the Application after decryption.
    If we disable scrubbing under System -> Advanced -> Firewall&NAT the UDP fragments where not reassembled and passed as intended to the Application on the Windows 10 Client.
    Unfortunately with this configuration fragmented UDP packets from IKEv2 connections do not pass the WAN interface NAT/Firewall anymore and so new IPSEC tunnels will fail :-(
    So we like to disable scrubbing only on the IPSEC interface where it is not necessary anyway, no?

    Thanks

    Andreas

    0
  • L

    Looks like others are affected too : https://redmine.pfsense.org/issues/7801

    Any chance to get fragmented UDP across IPSEC Tunnels with pfSense??

    0
Log in to reply
 

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2019 Rubicon Communications, LLC | Privacy Policy