Established but no traffic



  • I'm having a bit of an issue with an IPSec VPN between two sites.

    The VPN link is reported as up but I cannot communicate over it…

    127dot0dot0dot1:~# route -n
    Kernel IP routing table
    Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
    80.229.71.16    0.0.0.0         255.255.255.240 U     0      0        0 eth0
    192.168.0.0     0.0.0.0         255.255.255.0   U     0      0        0 eth1
    10.0.0.0        192.168.0.50    255.255.0.0     UG    0      0        0 eth1
    192.168.0.0     192.168.0.1     255.255.0.0     UG    0      0        0 eth1
    0.0.0.0         80.229.71.18    0.0.0.0         UG    0      0        0 eth0
    127dot0dot0dot1:~# ping 10.0.0.1
    PING 10.0.0.1 (10.0.0.1) 56(84) bytes of data.
    ^C
    --- 10.0.0.1 ping statistics ---
    4 packets transmitted, 0 received, 100% packet loss, time 3013ms
    
    127dot0dot0dot1:~# traceroute 10.0.0.1
    traceroute to 10.0.0.1 (10.0.0.1), 30 hops max, 60 byte packets
     1  192.168.0.50 (192.168.0.50)  0.232 ms  0.410 ms  0.387 ms
     2  * * *
     3  * * *
     4  * * *
     5  * * *
     6  * * *
     7  *^C
    127dot0dot0dot1:~#
    
    

    I have, at present, accept firewall rules on the WAN, LAN and IPSec interfaces to accept all traffic.

    I cannot packet log at site 2, however logging on re0 of the pfSense box at site 1 shows that packets are sent when I ping a host at site 2 but no reply is received:

    13:47:41.144023 IP 80.229.71.19 > 81.106.133.4: ESP(spi=0x4a00ca23,seq=0x20), length 116

    When a host at site 2 pings a host in site 1, the packet is received at site 1 but no reply is sent:

    13:45:07.119877 IP 81.106.133.4 > 80.229.71.19: ESP(spi=0x02cefcf6,seq=0x2d), length 116

    EDIT: Interestingly, a traceroute from the pfSense box itself tries to send the packet over the Internet:

    traceroute -n 10.0.0.1

    traceroute to 10.0.0.1 (10.0.0.1), 64 hops max, 40 byte packets
    1  80.229.71.18  0.988 ms  0.852 ms  0.758 ms
    2  195.166.128.27  41.521 ms  37.537 ms  36.036 ms
    3  84.92.5.57  33.451 ms^C

    I'm not sure this is the issue though as the pings sent from another host are clearly being encrypted and sent.

    Does anyone have any ideas what the issue is here?

    Cheers

    Phil





  • @Phil:

    Solved… See http://forum.pfsense.org/index.php/board,16.0.html

    I have exactly the same problem as you described, but the link you posted does not work.

    Can you tell me how you solved your problem?

    \Ronni

