Netgate Discussion Forum

bug found: ipsec vpn ipv4 and web management do not work together

General pfSense Questions
  • N
    nevolex
    last edited by Jul 16, 2022, 7:29 AM

    Hi all,

    I am not sure how long this has existed (on the latest pfSense+ 22.05). I have an IPsec tunnel between 2 routers, using IPv4 addresses as the tunnel endpoint IPs.

    My pfSense is in the cloud, installed on the remote VPS. I can access it via its public IP (obviously via trusted IPs that have been set up in the fw rules on pfSense). The other end is my home, and I am connecting from home.

    I noticed that every time I access it (pfSense), the IP I am coming from is always IPv6. Just being curious, I disabled the IPv6 stack on my network card and could not log in at all via IPv4.

    Opened it from the other PC via IPv6 and did a packet capture: when I try to connect from my PC (same IPv4 as the remote tunnel end from the pfSense perspective) I see 0 attempts in the logs:

    These are the only logs I was able to see; there are no port 443 HTTPS logs at all, just port 500 for IPsec

    19:09:12.395810 IP 109.107.xxx.xxx.500 (this is the pfsense side) > 121.99.xxx.xxx.500: UDP, length 80 (this is me from home pc)
    19:09:12.702034 IP 121.99.xxx.xxx.500 > 109.107.xxx.xxx.500: UDP, length 80

    ======================================================

    disabled ipsec tunnel on the pfsense, was immediately able to connect from pc on ipv4 to the remote pfsense

    19:10:35.879707 IP 121.99.xxx.xxx.58635 > 109.107.xxx.xxx.443: tcp 0
    19:10:35.879853 IP 109.107.xxx.xxx.443 > 121.99.xxx.xxx.58635: tcp 0

    is that a bug?
    thank you

      • N
        nevolex
        last edited by Jul 16, 2022, 10:21 AM

        doing pfctl -d does not help, so wouldn't be the firewall blocking it, looks like a genuine bug

        • S
          stephenw10 Netgate Administrator
          last edited by stephenw10 Jul 16, 2022, 1:38 PM

          Seems more likely to be a routing problem. When you create an IPSec tunnel it adds a static route to the end point via whatever interface the tunnel is using. You probably have a conflict of some sort there.

          Steve

          • N
            nevolex @stephenw10
            last edited by Jul 16, 2022, 9:45 PM

            @stephenw10 said in bug found: ipsec vpn ipv4 and web management do not work together:

            Seems more likely to be a routing problem. When you create an IPSec tunnel it adds a static route to the end point via whatever interface the tunnel is using. You probably have a conflict of some sort there.

            Steve

            Thank you for your support Steve, here is my configuration.
            I am using 0.0.0.0/0 as local because pfSense doesn't have a LAN network, being a virtual appliance in the data centre. Essentially, what I wanted to achieve is to route all the traffic from my home FortiGate (LAN 10.10.10.0/24) via pfSense to the internet. It has been working fine, but yes, IPv4 management of the pfSense (via its public IP address, as it is a cloud device) is not working from my local side, but does work fine via IPv6. Once the IPsec tunnel is down, IPv4 management is working again.


            Thank you for any advice

            • N
              nevolex
              last edited by Jul 16, 2022, 10:27 PM

              and those are my NAT rules on pfSense
              • N
                nevolex
                last edited by Jul 16, 2022, 11:04 PM

                the issue has been fixed and was related to the routing configuration, but on the FortiGate side, thanks guys!

                • M
                  marcosm Netgate @nevolex
                  last edited by Jul 17, 2022, 8:52 PM

                  @nevolex

                  Thanks for the update, glad to hear it's fixed!

                  1 Reply Last reply Reply Quote 1
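
An added example, not part of the thread and not Netgate's code: a small Python helper that reads firewall-side tcpdump lines in the format posted in the first message and reports whether HTTPS requests from the client ever arrived and whether they were answered. The addresses are constructed documentation-range stand-ins for the masked ones in the thread, and the function names are hypothetical.

```python
import re
from collections import Counter

# Shape of the lines in the thread: "<time> IP <src>.<sport> > <dst>.<dport>: <proto>..."
LINE = re.compile(r"^\S+ IP (\S+)\.(\d+) > (\S+)\.(\d+): (\w+)")

def parse(lines):
    """Yield (src, sport, dst, dport, proto) for every line that matches LINE."""
    for line in lines:
        m = LINE.match(line.strip())
        if m:
            src, sport, dst, dport, proto = m.groups()
            yield src, int(sport), dst, int(dport), proto.lower()

def diagnose(lines, fw_ip, client_ip, port=443, proto="tcp"):
    """Classify what a firewall-side capture shows for client -> fw_ip:port."""
    seen = Counter()
    for src, sport, dst, dport, p in parse(lines):
        if p != proto:
            continue
        if (src, dst, dport) == (client_ip, fw_ip, port):
            seen["request"] += 1
        elif (src, dst, sport) == (fw_ip, client_ip, port):
            seen["reply"] += 1
    if not seen["request"]:
        # Nothing reached the captured interface: check the client-side path
        # (routing on the remote gateway) before suspecting firewall rules.
        return "no-request-seen"
    if not seen["reply"]:
        # Requests arrived but no reply left this interface: check rules and
        # the reply route on the firewall.
        return "request-no-reply"
    return "bidirectional"

# Constructed samples mirroring the two captures in the thread.
FW, CLIENT = "198.51.100.10", "203.0.113.20"
TUNNEL_UP = [
    "19:09:12.395810 IP 198.51.100.10.500 > 203.0.113.20.500: UDP, length 80",
    "19:09:12.702034 IP 203.0.113.20.500 > 198.51.100.10.500: UDP, length 80",
]
TUNNEL_DOWN = [
    "19:10:35.879707 IP 203.0.113.20.58635 > 198.51.100.10.443: tcp 0",
    "19:10:35.879853 IP 198.51.100.10.443 > 203.0.113.20.58635: tcp 0",
]

if __name__ == "__main__":
    print("tunnel up:  ", diagnose(TUNNEL_UP, FW, CLIENT))
    print("tunnel down:", diagnose(TUNNEL_DOWN, FW, CLIENT))
```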
                  Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.