IPsec stops forwarding traffic when Captive Portal is enabled
-
Hi,
We have a problem similar to the one in https://forum.netgate.com/topic/42230/captive-portal-break-ipsec-tunnels-solved?_=1602674436600
When captive portal is enabled, the IPsec stops working.
I've tried adding the remote subnets in "Allowed IP Addresses", but that didn't help. Our setup is 2.4.4-RELEASE-p3 in an HA setup.
Pointers to where I should start looking in the firewall rules are much appreciated.
Thanks,
René
-
see https://forum.netgate.com/topic/42230/captive-portal-break-ipsec-tunnels-solved/4?_=1602674436600:
I've specified the remote Network 192.168.1.0/24 in the "Allowed IP Address" tab in the Captive Portal.
so, you need to put remote IPsec networks to "Allowed IP Address"
-
@viktor_g said in IPsec stops forwarding traffic when Captive Portal is enabled:
so, you need to put remote IPsec networks to "Allowed IP Address"
Thank you for taking the time to reply to my post.... but did you even read it before replying?
BR,
René
-
Yep, I need to be more careful)
Ok, some questions:
- same issue without HA?
- "Allowed IP Addresses" direction
- list of Captive Portal interfaces
-
Took a long time before I got around to testing this again.
- The issue is the same with or without HA.
- They're allowed in both directions.
- There are a lot of interfaces, but it's only enabled on "VLAN_154", which, as you can guess, is a VLAN interface.
BR,
René
-
Forgot to add some additional information.
The tunnels actually don't stop forwarding everything.
I can still ping through the tunnels, but all other traffic seems to be blocked.
HTTP, RDP, SNMP, to mention a few.
//René
-
@renedk
Please show your IPsec VPN configuration