IPsec via IPv6 issue



  • Hi,

    My situation:

    location 1: 192.168.1.0/24 - pfSense1 on 192.168.1.254 - DHCP for clients .100 to .199
    location 2: 192.168.2.0/24 - pfSense2 on 192.168.2.254 - DHCP for clients .100 to .199

    Working IPsec IPv4 link between both sites. All devices from location 1 can reach all devices from location 2, and the other way around also.

    Now I switched the IPsec phase 1 from IPv4 to IPv6. The phase 2 remains at IPv4 (since I use IKEv2, that is possible).

    Result: all devices from location 1 can only reach pfSense2 (not the other devices on site 2), and all devices from location 2 can only reach pfSense1 (not the other devices on site 1).

    Anyone else experienced this?

    (since I am still using IPv4 inside the tunnel as before, it's not a firewall issue)

    Thanks.

    EDIT: Update: ping works to all, but no web interfaces, so must be an MTU issue I guess...
    EDIT: Update2: Activating MSS Clamping and lowering the MSS to 1300 bytes fixed the issue! :-)


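Added example, not part of the original post: a calculation of how much room ESP tunnel mode leaves for the inner IPv4 packet when the outer (phase 1) header is IPv4 versus IPv6, and the TCP MSS that follows from it. The 1500-byte link MTU and both cipher suites are assumptions, since the post states neither.

```python
"""Added example: ESP tunnel-mode overhead with an IPv4 vs IPv6 outer header."""

OUTER_HDR = {"ipv4": 20, "ipv6": 40}  # outer IP header, no options or extension headers
ESP_HDR = 8                           # SPI (4) + sequence number (4)
ESP_TRAILER = 2                       # pad length (1) + next header (1)
NAT_T_UDP = 8                         # UDP encapsulation header, only when NAT-T is used
INNER_IPV4_TCP = 40                   # inner IPv4 (20) + TCP (20), no options

# Assumed cipher suites; the post does not say which one is configured.
SUITES = {
    "aes-cbc+hmac-sha256-128": {"iv": 16, "block": 16, "icv": 16},
    "aes-gcm-16": {"iv": 8, "block": 4, "icv": 16},
}


def max_inner_packet(link_mtu, outer, suite, nat_t=False):
    """Largest inner IP packet whose ESP encapsulation still fits in link_mtu."""
    s = SUITES[suite]
    room = link_mtu - OUTER_HDR[outer] - ESP_HDR - s["iv"] - s["icv"]
    if nat_t:
        room -= NAT_T_UDP
    # inner packet + padding + trailer must be a multiple of the block size
    room -= room % s["block"]
    return room - ESP_TRAILER


def max_mss(link_mtu, outer, suite, nat_t=False):
    """Largest TCP MSS (inner IPv4) that avoids fragmenting the ESP packet."""
    return max_inner_packet(link_mtu, outer, suite, nat_t) - INNER_IPV4_TCP


def mss_fits(mss, link_mtu, outer, suite, nat_t=False):
    """True if a segment of this MSS fits through the tunnel unfragmented."""
    return mss <= max_mss(link_mtu, outer, suite, nat_t)


if __name__ == "__main__":
    LINK_MTU = 1500  # assumed WAN MTU
    for suite in SUITES:
        for outer in OUTER_HDR:
            print(f"{suite:26} outer={outer}: "
                  f"inner MTU {max_inner_packet(LINK_MTU, outer, suite)}, "
                  f"max MSS {max_mss(LINK_MTU, outer, suite)}")
    print("MSS 1300 fits over IPv6 outer:",
          mss_fits(1300, LINK_MTU, "ipv6", "aes-cbc+hmac-sha256-128"))
```

Under these assumptions a small ping fits either way, a full 1460-byte segment fits neither, and the IPv6 outer header leaves 20 to 32 bytes less than IPv4 once block padding is counted; the 1300-byte clamp from the post sits below every computed limit.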