Netgate Discussion Forum

    No reaction in IPSec logs, how to debug? (vodafone station)

      soul710

      I have a pfsense config I've been using for several years now, including a working IPSec setup (roadwarrior).
      Now this year, two things changed:

      • I've introduced VLANs into my local LAN
      • I have received a new cable modem/router thing from vodafone

      Now after the VLAN change, I would not get the IPSec to work, in the sense that I could not get it to route into my VLANs. So now, since I have some spare time again, I wanted to work on this issue again.

      However, I found that I cannot even connect at all, which leads me to believe that the modem/router replacement somehow impacted the IPSec.

      I am using a thing which looks like this: https://kabel.vodafone.de/static/media/Arris_VodafoneStation_TG344DE.pdf
      On a 1gbit cable connection. I do have a valid IPv4 address, and I have set up port forwarding to the pfsense box for the ports 4500/500 (UDP), 10000 (TCP), and also 50/51/161 TCP/UDP, but I think they're not IPSec related. The "firewall" feature of the vodafone box is disabled.

      When I do nc -z -v -u [PUBLIC_IP] 4500 I would get Connection to xxxxxxx port 4500 [udp/ipsec-msft] succeeded!, same for port 500.

      This leads me to believe that port forwarding is working. However I don't know if I can actually reach the pfsense through that IP/ports, since I get the same success when I disable the IPSec temporarily on the pfsense. Also the connection attempt on my iPhone times out after a minute or so, and in the pfsense system logs / IPSec section I will see no entry at all. I would therefore assume that actually I am not reaching the pfsense, unless something is severely broken in my config.

      What could be causing this? Is this a port forwarding issue? How can I investigate the issue further?
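
An added example, not part of the original post: a UDP probe that gets no answer cannot tell a listening service from a silently dropped packet, which is consistent with the check above giving the same result with IPsec disabled. The sketch below classifies the three possible outcomes against constructed local listeners on 127.0.0.1; the function names are hypothetical.

```python
import socket
import threading

def udp_probe(host, port, payload=b"\x00", timeout=1.0):
    """Send one datagram and classify the outcome.

    "reply"    - the peer answered, so something is really listening
    "closed"   - an ICMP port unreachable came back
    "no-reply" - the listener ignored us OR the packet was dropped on the way
    """
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.connect((host, port))  # connected socket: ICMP errors surface as exceptions
        try:
            s.send(payload)
            s.recv(2048)
            return "reply"
        except ConnectionRefusedError:
            return "closed"
        except socket.timeout:
            return "no-reply"

def start_listener(answer):
    """Constructed local stand-in for a UDP service; returns its port."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    srv.bind(("127.0.0.1", 0))
    def serve():
        while True:
            _, peer = srv.recvfrom(2048)
            if answer:
                srv.sendto(b"ack", peer)
    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]

def unused_port():
    """Bind and release a port so that nothing is listening on it."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.bind(("127.0.0.1", 0))
        return s.getsockname()[1]

def demo():
    return {
        "silent": udp_probe("127.0.0.1", start_listener(False), timeout=0.5),
        "talking": udp_probe("127.0.0.1", start_listener(True), timeout=0.5),
        "closed": udp_probe("127.0.0.1", unused_port(), timeout=0.5),
    }

if __name__ == "__main__":
    print(demo())
```

Only "reply" and "closed" are conclusive. With "no-reply", arrival has to be confirmed on the receiving side, for example with a packet capture on the pfSense WAN interface.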

      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.