Noob here need help with ipsec tunnel

  • Hi,

    I am fairly new to pfSense and am having a problem setting up a tunnel between two satellite offices.

    Here is what we have

    1 Asterisk box
    1 FreeBSD VPN server
    Static address
    Local subnet

    Satellite 1
    1 FreeBSD VPN server
    Static Address
    Local subnet

    Satellite 2
    1 Asterisk box
    1 PFSense VPN/Firewall
    Static Address
    Local subnet

    I run satellite office 2 and chose PFSense after getting totally lost in FreeBSD.
    I have access to HQ and Sat1 configurations via "puppet access" (Read: Pick up the phone and talk to the sysadmin there)
    We connected the two asterisk boxes via public IP and firewall rules over a year ago. There was no VPN need from Sat2 to HQ or Sat1 then. That has been working AOK since.
    About 2 months ago I set up PFSense and configured a tunnel to HQ. That works fine.
    Last week it was decided we needed VPN access to Sat1. This is where everything fell apart.

    I configured the tunnel to SAT2 as I was instructed (Basically an identical setup to the HQ tunnel but with different keys/addresses and subnets). This has only worked once and it currently does not connect.

    Now, I have spent a couple of days trying different things with SAT2 admin and when it did connect we had not changed anything, just went for lunch, came back, rebooted the box and it connected. I then disabled the tunnel, rebooted and went on my merry way for a couple of hours (See THE KICKER). Later on I just enabled the tunnel, rebooted the box but it would not connect (hasn't since).

    Here is THE KICKER (Edited): Every time the tunnel to SAT1 is enabled it screws up the traffic from Sat2. That is regardless of whether or not the tunnel actually connects. It is not just VoIP traffic between HQ and Sat2 that gets trashed, it is ANY traffic coming out of Sat2. The fix is to disable the tunnel to SAT2 and reboot pfSense.

    We have tried deleting the tunnels, countless config changes and everything we can think of, with no luck.

    I know you probably need some files to have a look before helping but I just don't know what to post. If you can tell me what to post I will.

    Thanks in advance

  • I have been able to work out that it is ALL traffic from Sat2 that gets screwed up. HTTP, FTP, VOIP, etc.
    Pfsense just starts blocking packets randomly.

  • Have you tried putting pfSense in all locations? You could even try with the CD and floppy combo so as not to mess with your FreeBSD setup.

