Netgate Discussion Forum

    Block unwanted IPsec connection attempt

    3 Posts 2 Posters 634 Views
    JacobThastrup

      Hello everyone
      I have deployed a pfSense firewall and managed to set up two IPsec connections with little trouble :-)
      However, when I look in the IPsec system log I can see that a third, unknown IP address is continuously attempting to establish an IPsec tunnel.
      It obviously fails with a "no IKE config found", but is there a good way to block this connection attempt from even trying to establish a tunnel? Needless to say, the IPsec system log is almost exclusively full of connection attempts from the unknown IP address.
      Thanks
      Jacob

      johnpoz LAYER 8 Global Moderator @JacobThastrup

        @jacobthastrup If you have an IP filling your log with spam, just block that IP in your WAN rules before your allow rule for whatever service you're running.

        Now it will not be able to talk to your service, and the traffic will just be dropped. So no entries in your service log. As long as you don't log this rule, you will never see anything logged for it in your firewall log or your service log; it is just dropped, i.e. ignored.

        example:

        (screenshot: example.jpg)

        Say 1.2.3.4 is your problem IP. Such a rule would just drop traffic from this IP before it could talk to any of the services you have open on the WAN. If you want to be specific and just not let it talk to a specific service, then be more specific in your block rule.

        Rules are evaluated top down, first rule to trigger wins, no other rules are evaluated.

        An intelligent man is sometimes forced to be drunk to spend time with his fools
        If you get confused: Listen to the Music Play
        Please don't Chat/PM me for help, unless mod related
        SG-4860 24.11 | Lab VMs 2.8, 24.11

        JacobThastrup @johnpoz
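The advice above rests on two things: rules are evaluated top-down and the first match ends evaluation, and an unlogged block rule leaves no trace in either the firewall log or the IPsec log because charon never sees the packet. The following is an added example, not pfSense's or either poster's code: a small model of that evaluation order, using the thread's 1.2.3.4 as the problem address, plus a filter that counts "no IKE config found" hits per remote peer in constructed strongSwan (charon) log lines so the noisy address can be identified before it is blocked. The syslog prefixes, the 198.51.100.1 local address and the 203.0.113.10 known peer are constructed; the "no IKE config found for <local>...<remote>" message text is strongSwan's own.

```python
"""Added example (not pfSense's or the forum posters' code): top-down,
first-match-wins rule evaluation as johnpoz describes it, plus a filter that
counts rejected IKE attempts per remote peer in constructed charon log lines."""
import ipaddress
import re
from collections import Counter
from dataclasses import dataclass

BAD_PEER = "1.2.3.4"          # the problem IP used as an example in the thread
IKE_PORTS = (500, 4500)       # IKE and NAT-T ports an IPsec responder listens on


@dataclass
class Rule:
    action: str               # "block" or "pass"
    src: str = "any"          # source IP or CIDR; "any" matches everything
    proto: str = "any"        # "udp", "esp", ... or "any"
    dports: tuple = ()        # empty tuple = any destination port
    log: bool = False         # pfSense "Log packets that are handled by this rule"

    def matches(self, pkt: dict) -> bool:
        if self.src != "any":
            net = ipaddress.ip_network(self.src, strict=False)
            if ipaddress.ip_address(pkt["src"]) not in net:
                return False
        if self.proto != "any" and self.proto != pkt["proto"]:
            return False
        if self.dports and pkt.get("dport") not in self.dports:
            return False
        return True


def evaluate(rules: list, pkt: dict) -> tuple:
    """Walk the rules top-down; the first match wins and nothing after it is
    looked at. Returns (action, logged). If nothing matches, the implicit
    default-deny rule applies (pfSense logs those hits by default)."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.action, rule.log
    return "block", True


def wan_rules(block_first: bool = True) -> list:
    """WAN ruleset for an IPsec responder: a silent (unlogged) block of the
    noisy peer plus pass rules for IKE/NAT-T and ESP. block_first controls
    where the block rule sits, which is the whole point of the advice."""
    block_noisy_peer = Rule("block", src=BAD_PEER, log=False)
    allow_ike = Rule("pass", proto="udp", dports=IKE_PORTS)
    allow_esp = Rule("pass", proto="esp")
    rules = [allow_ike, allow_esp]
    if block_first:
        rules.insert(0, block_noisy_peer)
    else:
        rules.append(block_noisy_peer)
    return rules


# Constructed packets: UDP/500 IKE traffic from the noisy peer and from a
# legitimate peer (203.0.113.10 is a documentation address).
IKE_FROM_BAD_PEER = {"src": BAD_PEER, "proto": "udp", "dport": 500}
IKE_FROM_KNOWN_PEER = {"src": "203.0.113.10", "proto": "udp", "dport": 500}

# strongSwan's message is "no IKE config found for <local>...<remote>";
# the syslog prefixes in the sample below are constructed.
NO_IKE_CONFIG = re.compile(
    r"no IKE config found for (?P<local>[0-9A-Fa-f.:]+)\.\.\.(?P<remote>[0-9A-Fa-f.:]+)"
)

CONSTRUCTED_IPSEC_LOG = """\
Jan 10 09:00:01 charon 12[CFG] <3> no IKE config found for 198.51.100.1...1.2.3.4, sending NO_PROPOSAL_CHOSEN
Jan 10 09:00:02 charon 12[IKE] <con1|2> IKE_SA con1[2] established between 198.51.100.1[198.51.100.1]...203.0.113.10[203.0.113.10]
Jan 10 09:00:31 charon 07[CFG] <4> no IKE config found for 198.51.100.1...1.2.3.4, sending NO_PROPOSAL_CHOSEN
Jan 10 09:01:01 charon 05[CFG] <5> no IKE config found for 198.51.100.1...1.2.3.4, sending NO_PROPOSAL_CHOSEN
"""


def unknown_peers(log_text: str) -> Counter:
    """Count rejected IKE attempts per remote address. A peer that shows up
    here but is not one of your configured tunnels is the one to block on WAN."""
    return Counter(m.group("remote") for m in NO_IKE_CONFIG.finditer(log_text))


if __name__ == "__main__":
    print("noisy peers :", unknown_peers(CONSTRUCTED_IPSEC_LOG).most_common())
    # Block rule above the IKE pass rule: dropped, and because the rule does
    # not log, nothing reaches the firewall log or the IPsec log.
    print("block first :", evaluate(wan_rules(block_first=True), IKE_FROM_BAD_PEER))
    # Block rule below the IKE pass rule: the pass rule matches first, the
    # block rule is never reached, and charon keeps logging the attempts.
    print("block last  :", evaluate(wan_rules(block_first=False), IKE_FROM_BAD_PEER))
    print("known peer  :", evaluate(wan_rules(), IKE_FROM_KNOWN_PEER))
```

The two `evaluate` calls against the same packet show the ordering point: with the block rule on top the result is a silent drop, with it underneath the pass rule fires first and the block rule is never consulted. That is also the first thing to check when a block rule appears not to work: its position relative to the allow rule for UDP 500/4500, not just its presence.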

          @johnpoz
          Thanks for the reply.
          I think I've done that; I've also added it to the LAN and IPsec section for good measure.
          (three screenshots of the block rules)

          And still I get the following in the IPsec log:
          (screenshot of the IPsec log)
          I've blacked out my IP.

          Thanks
          Jacob

          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.