BGP routes not updating after ipsec p2 change
-
I have a pfsense server (community edition) set up.
Pfsense: 2.4.4-RELEASE-p3
frr: 0.2_8 version (dependency frr5-5.0.2)

I have a Google Cloud to pfsense VPN with FRR BGP and these tunnels have been working for the past couple of years. All necessary firewall rules, IP routes and things have been set up and running fine.

Recently I went to make a small change to add a new phase 2 entry in my desired ipsec tunnel but I'm running into some problems.

In the ipsec status overview, I see my newly added remote subnet listed there. And under 'SPDs', I can see the desired inbound and outbound policies added from my phase 2 entry mentioned above.

However, I do not see the routes being updated on the FRR BGP & Zebra status page. SSH-ing into the pfsense server and running netstat -rn also doesn't show the updated routes. I'm not sure why this is the case.

This isn't a one-off. I've tried to add the same change to another pfsense cluster that I have running as well, and the routes aren't updated.

In fact, before I rebooted the servers, I wasn't even able to get pings showing during a packet capture on these pfsense servers.

Right now, after rebooting pfsense servers, I see that the packets are arriving at the destination VM in my gcloud project but don't seem to be able to route back to the pfsense server through the BGP tunnel. The tunnel is established, and running okay when I try to access VMs in previously configured phase2 network destinations.

I'm not sure what is wrong, and I can't seem to find cases of others running into this issue.
I found one but I'm not sure if this is related: https://forum.netgate.com/topic/150391/bgp-routes-in-frr?_=1619557010197
-
@haritha-ramesh I was able to sort out this issue. I needed to configure global dynamic routing on my Google side, as the new range was in a different region.