Packets in But Not Out

  • Hello! I have a router that I'm building up from scratch in a VM. I'm setting up an IPsec tunnel (VTI) from an existing router to the new router. I set up the two phases on both sides and the tunnel comes up, but the new router doesn't send traffic. So far I have tried pfSense 2.4.4p3, 2.4.5p1, rebuilding the tunnels, and rebooting. I've had this issue before but never found the problem; it just sometimes fixes itself. I'm using Vultr, if it makes a difference.


  • LAYER 8 Moderator

    If you set it up to use VTI (and a transfer network) you have to set up your routes via System/Routing for yourself. Did you do that?

  • Right. The plan is to use FRR to distribute routes, but auto ping can't get through so we aren't to that point yet. The packets in here are the auto ping from the old router and there should be packets out for the auto ping in the other direction. If I add FRR now, the neighbor adjacency doesn't form. Setting up FRR, I can see pings and the OSPF hello packets coming in on the new router (on the IPsec interface, not the tunnel-specific interface) and on the old router I can see the pings and hellos flowing out (from the tunnel-specific interface) but nothing in response. I think this is a pfSense bug but I don't know how to fix it.

  • LAYER 8 Moderator

    AFAIR, there were already multiple posts from people using FRR / OSPF with VTI interfaces but sadly I ain't one of them. Only have FRR/OSPF running cleanly with an OVPN shared key /30 tunnel and that works like a charm!

    Perhaps @jimp or someone more experimental can help :)

  • This shouldn't be an issue with OSPF/FRR. I'm having this issue prior to even installing FRR. The tunnel being up generates traffic that should be showing.

