Navigation

    Netgate Discussion Forum
    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search

    IPSEC established but no tftp or UDP

    IPsec
    2
    6
    167
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • J
      joedoe47 last edited by

      So here is the deal. I know I am missing something simple.

      I have a pfsense virtual machine for a client. Its behind an old cisco buisness router. The cisco router has the vm in a DMZ so as to not prevent the VM from connecting to any external IPs.

      So to my surprise pfsense is able to make a connection with AWS VPC via IPSEC this way. I would show you the picture of the IPSEC status page but I'm at work not home. The status page for IPSEC has been up for like a week now straight like a boss.

      So the way Pfsense VM is configured is it has 2 NICs. 1 WAN and 1 LAN. WAN has a static ip of 192.168.1.201. LAN has a DHCP from the cisco firewall, 192.168.1.50 I think. (I am aware I can disable the firewall and firewall scrub all together and that is what I have set but I figured the WAN side was causing an issue)

      So it works. I can ping my VM in AWS VPC. After some googling the only thing I had missed was setting rules in the firewall to allow all traffic to and from the IPSEC. (all using the WAN ip address with the firewall and firewall scrub disabled)

      However this client needs to use tftp to get and put to the AWS cloud but whenever I try to send or receive any data it times out.

      I put in a ticket with AWS and they have assured me that UDP ins't being blocked. The cisco router on the client end isn't blocking UDP. I was able to download a torrent and send/recieve data via tftp to and from the WAN device on pfsense to another node in the system.

      I can ping. I can ssh to the host. But UDP traffic seems to be blocked by the tunnel on the firewall in both directions.

      Are there any more seasoned and experience pfsense gurus with any tips and or advice?

      I know this post may seem vauge so if there is something you feel you need to know let me know.

      DaddyGo 1 Reply Last reply Reply Quote 0
      • DaddyGo
        DaddyGo @joedoe47 last edited by DaddyGo

        @joedoe47 said in IPSEC established but no tftp or UDP:

        However this client needs to use tftp to get and put to

        Hi,

        if TFTP - pfSense, then this is my idea....

        9f2a3dfe-1988-4cb3-9dc6-3c54c7ce663f-image.png

        f983b03a-f386-4fd8-8cd4-870c07dcd9bc-image.png

        5f0c198d-a432-4014-b4e7-1681b01aea17-image.png

        BTW:
        @joedoe47 "I know this post may seem vauge so if there is something........................."
        but otherwise you really showed little of your system, rules, etc. ๐Ÿ˜‰

        Cats bury it so they can't see it!
        (You know what I mean if you have a cat)

        1 Reply Last reply Reply Quote 0
        • J
          joedoe47 last edited by

          heh. I know I constantly hear people say that they need pictures to see what the heck a user has done.

          I googled on netgate and they said as a troubleshooting technique I should first make sure the tftp proxy is disabled and then if it still doesn't work on pfsense to enable it.

          So at the moment it is enabled for both WAN and LAN.

          Give me a second. I'll get you some more detailed images sir.

          1 Reply Last reply Reply Quote 0
          • J
            joedoe47 last edited by joedoe47

            This post is deleted!
            1 Reply Last reply Reply Quote 0
            • J
              joedoe47 last edited by joedoe47

              Okay so update. It seems there is a firewall rule thats the issue. Not even with pfsense.

              There is another firewall in between the pfsense and the internet. So the assumption was that "well since we are doing a 1:1 nat nothing should stop UDP packets.

              But the problem is on the side of this router which is blocking tftp packets.

              Pfsense is doing its job as it should. The issue is the primary gateway.

              DaddyGo 1 Reply Last reply Reply Quote 0
              • DaddyGo
                DaddyGo @joedoe47 last edited by

                @joedoe47 said in IPSEC established but no tftp or UDP:

                Pfsense is doing its job as it should. The issue is the primary gateway.

                I believed it was not a pfSense issue
                since I have been using TFTP for a long time to upgrade IT devices FWs

                dual -NAT is never good, try to eliminate it if possible...
                (as if we were wrapping the gift in two separate boxes (which we put on top of each other) at Christmas, more exciting but takes longer to obtain) ๐Ÿ˜‰

                Cats bury it so they can't see it!
                (You know what I mean if you have a cat)

                1 Reply Last reply Reply Quote 0
                • First post
                  Last post