IPSec Tunnels duplicating phase 2
-
Hi!
After updating from 2.4.5 to 2.5.2, I got this strange behavior from IPSec:
I have a tunnel with a P1 and 2 P2s. When I try to connect it, in the overview pane, I get two P2 connections of the same P2 (see the images below).
-
@jimp In version 2.6.0 this is not happening. It's just working as it should.
I tried to make big differences in the phase 2 entries, but they always get replicated. I am trying to establish a Site 2 Site with a Sophos UTM on the latest firmware. With 2.6.0 and above there is no problem; with 2.5.2 I have no luck in doing so...
Is there a workaround? I need this to work...
-
Use 2.6.0. It's in RC stage now and unlikely to have any big changes between now and the actual release.
No sense in giving yourself that kind of grief when it works fine on 2.6.x.
-
Thanks for the quick reply. I have a big issue with RC 2.6.0; that's why I reverted back.
This is my WAN Interface speed with 2.5.2
This is my WAN Interface speed with 2.6.0++
I honestly don't know what causes the issue, but it's the same even on 2.7.X.
I am really trying to move my customers away from Sophos to pfSense and am happy to buy a sub, but since trying pfSense I have only had bad luck with simple things that should work out of the box.
-
Start a new thread for that. It's probably something in your hardware or related settings (like needing to disable hardware checksums on the NICs).
-
@jimp It's a Hyper-V VM...
-
Still could be the same kind of issue, it's almost certainly a problem in your settings and not a problem inherent to 2.6.x.
-
@jimp I've had an idea which I just tried. I made a subdomain for each phase 2 entry (4 in sum), so I connected 1 IPsec (phase 1) with the IP and added another 3 with different subdomains to the same IP and with the different phase 2 entries. Seems to work. Looks pretty ugly, but at least it works on 2.5.2.