AWS VPN Wizard does not assign P2 reqid resulting in broken tunnels
-
pfsense+ 23.05.1-RELEASE on Netgate 1541
AWS Wizard 0.1.0

I was setting up a new AWS IPsec VPN and decided to use the wizard (our other connections were from before we upgraded to pfSense+) and noticed what seems to be an error.
I have 2 local networks that need access to the VPC on AWS.
The wizard successfully built the tunnels on AWS and added configs to pfSense.
On pfSense it added two P1 connections, and each connection has 3 P2s (interface network, and each local subnet).
However, when you bring up the IPSEC connection, it only brings up one of the 3 P2s.
If you click "Connect P2" next to one of the disconnected P2s, it brings up a second P2 with the source and destination matching the already connected one, not the requested one. The original P2 goes into "Rekeyed" state.
Looking at the wizard-generated configs, it did not assign a reqid to the P2s, so instead of con1_1, con1_2, con1_3, all 3 P2s are treated as "con1_".
I believe this is the reason why only one of the 3 can be active at a time.
If you open each P2 in edit and then hit "save" it assigns them a reqid but that is a workaround.
Is this a known issue?
Thanks
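To check a saved configuration for the condition described in this post (P2 entries with no reqid collapsing onto one child name), here is an added example; it is not from the post or from Netgate, and it assumes pfSense's config.xml layout of `<phase2>` elements carrying `<ikeid>` and an optional `<reqid>`, with the child name formed as `con<ikeid>_<reqid>` as the post describes.

```python
import xml.etree.ElementTree as ET
from collections import defaultdict

# Constructed sample modelled on the pfSense config.xml layout (assumption:
# each <phase2> links to its <phase1> via <ikeid> and may carry <reqid>).
# Two of the three P2s on tunnel 1 lack a reqid, as in the report.
SAMPLE_CONFIG = """<pfsense><ipsec>
  <phase1><ikeid>1</ikeid><descr>AWS tunnel 1</descr></phase1>
  <phase2><ikeid>1</ikeid><descr>interface net</descr><reqid>1</reqid></phase2>
  <phase2><ikeid>1</ikeid><descr>lan subnet A</descr></phase2>
  <phase2><ikeid>1</ikeid><descr>lan subnet B</descr></phase2>
  <phase1><ikeid>2</ikeid><descr>AWS tunnel 2</descr></phase1>
  <phase2><ikeid>2</ikeid><descr>interface net</descr><reqid>4</reqid></phase2>
  <phase2><ikeid>2</ikeid><descr>lan subnet A</descr><reqid>5</reqid></phase2>
</ipsec></pfsense>"""


def child_name(ikeid, reqid):
    """Child SA name as the post describes it: con<ikeid>_<reqid>.

    With no reqid the name degenerates to con<ikeid>_ for every P2
    on that P1, so they can no longer be told apart.
    """
    return f"con{ikeid}_{reqid or ''}"


def find_colliding_p2s(config_xml):
    """Return {child_name: [descr, ...]} for every P2 name that is
    either shared by more than one P2 or has an empty reqid suffix."""
    root = ET.fromstring(config_xml)
    by_name = defaultdict(list)
    for p2 in root.iter("phase2"):
        ikeid = p2.findtext("ikeid")
        reqid = p2.findtext("reqid")
        by_name[child_name(ikeid, reqid)].append(p2.findtext("descr", ""))
    return {name: descrs for name, descrs in by_name.items()
            if len(descrs) > 1 or name.endswith("_")}


if __name__ == "__main__":
    # For a live box, read /conf/config.xml instead of the sample.
    for name, descrs in find_colliding_p2s(SAMPLE_CONFIG).items():
        print(f"{name}: {len(descrs)} P2s share this name -> {descrs}")
```

Any entry reported here is a P2 that will be merged with its siblings; opening and re-saving it in the GUI, as the post notes, assigns the missing reqid.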