Netgate Discussion Forum

    IPsec stops forwarding traffic when Captive Portal is enabled

    • renedk

      Hi,

      We have a problem similar to the one in https://forum.netgate.com/topic/42230/captive-portal-break-ipsec-tunnels-solved?_=1602674436600

      When captive portal is enabled, the IPsec stops working.
      I've tried adding the remote subnets in "Allowed IP Addresses", but that didn't help.

      Our setup is 2.4.4-RELEASE-p3 in HA setup.

      Pointers to where I should start looking in the firewall rules are much appreciated.

      Thanks,
      René

      • viktor_g Netgate

        see https://forum.netgate.com/topic/42230/captive-portal-break-ipsec-tunnels-solved/4?_=1602674436600:

        I've specified the remote Network 192.168.1.0/24 in the "Allowed IP Address" tab in the Captive Portal.

        So, you need to add the remote IPsec networks to "Allowed IP Address"

        • renedk @viktor_g

          @viktor_g said in IPsec stops forwarding traffic when Captive Portal is enabled:

          So, you need to add the remote IPsec networks to "Allowed IP Address"

          Thank you for taking the time to reply to my post... but did you even read it before replying?

          BR,
          René

          • viktor_g Netgate

            Yep, I need to be more careful)

            Ok, some questions:

            1. Same issue without HA?
            2. "Allowed IP Addresses" direction
            3. list of Captive Portal interfaces
            • renedk @viktor_g

              Took a long time before I got around to testing this again.

              1. The issue is the same with or without HA.
              2. They're allowed in both directions.
              3. There are a lot of interfaces, but it's only enabled on "VLAN_154", which, as you can guess, is a VLAN interface.

              BR,
              René

              • renedk @renedk

                Forgot to add some additional information.

                The tunnels actually don't stop forwarding everything.
                I can still ping through the tunnels, but all other traffic seems to be blocked.
                HTTP, RDP, SNMP, to mention a few.

                //René

                • viktor_g Netgate @renedk

                  @renedk
                  Please show your IPsec VPN configuration
