6th and 7th IPSec tunnel traffic not passing
-
We have been using a cloud based pfSense(hosted with Vultr's New Jersey datacenter) for about a year or so now for our company.
It has been GREAT!
We have 5 sites connected to our cloud infrastructure.
The 5 sites are using Zyxel USG20-vpn appliances and are working great.
We have then added a 6th site using another pfsense virtual appliancehosted with Vultr's Seattle datacenter).
Since adding this 6th IPsec tunnel:
-
The tunnel gets established but no traffic is passing between the sites.
-
We have also added a 7th IPsec tunnel using another Zyxel USG20-vpn appliance and the same issue, the tunnel gets established but no traffic is passing.
Would any one have any ideas on what may be causing this?
Is there a limitation on the number of IPsec Tunnels each pfSense can support?
-
-
You shouldn't have any trouble with six, I've had boxes with nearly forty active tunnels.
-
Thanks for the reply.
Can you help me shed any light on what to check?
I've recreates the tunnels one too may times to count but cannot get the 6th and 7th tunnels to route traffic even thought the first site to site tunnels are functioning flawlessly.
-
All of your p2's are unique? Are you seeing anything in the logs?
-
@dotdash I haven't gotten this resolved.
The only issue is between my two cloud VPN pfSense boxes.
The p1 and p2 tunnel gets established but absolutely 0 traffic passes.
There is no info in the logs on either instance related to this.
Site A to Site C works 100%
Site B to Site C works 100%
Site A to B connects but traffic never ever passes. -
Nothing in the logs? All subnets are unique? You could try a packet capture and see what's going on.
-
@dotdash 100% unique subnets.
Let me try a capture and see.
TBH looking in the logs I can't think of anything that sticks out but
Below are the caputres and as you can see absolutely no IPSec traffic from Site A to Site C but traffic from Site A to Site C there is traffic.
SiteA to SiteC
SiteA to SiteB
SiteA to SiteB in promicuous mode
-
Dozens if not hundreds. No, there's no limit. You misconfigured something at one or both ends.
-
@Derelict I appreciate the input :)
-
I have recreated the tunnel dozens of times over
-
I have made sure there are no duplicate P2 IPs
-
The tunnel comes up every time but traffic never passes
-
There are a total of 7 tunnels:
(I did not setup a mesh as we do not require it) -
Site A (West Cost Cloud pfSense)
*Site A to C works
*Site A to D works
*Site A to E works
*SIte A to F works
*Site A to G works
*Site A to H works -
Site B (East Cost Cloud pfSense)
*Site B to C works
*Site B to D works
*Site B to E works
*SIte B to F works
*Site B to G works
*Site B to H works -
**Site A to Site B
*connects but never passes traffic
-
-
Then post your exact, detailed config.
If it was done correctly it would be working. ;)
