Netgate Discussion Forum
    Filter IPsec VTI and Transport on assigned interfaces, block all tunnel mode traffic

    Category: IPsec
    2 Posts, 1 Poster, 175 Views
    jhorne:

      Not sure if I found a bug or if this is the intended behavior. I think bug.

      I switched my CE 2.7.2 HA pair to use "Filter IPsec VTI and Transport on assigned interfaces, block all tunnel mode traffic" instead of the default of "Filter IPSec Tunnel, Transport, and VTI on IPSec tab (enc0)", which has always been the default as far as I can see.

      When I made this change on the primary, this setting did not change on the HA secondary. I then set it by hand on the secondary.

      Both nodes now show the VTI interface in the firewall rules page.
      I began to create rules on the new VTI interface in the rules page of the primary, and the newly created rules did not replicate to the HA secondary.

      Wondering if anyone else has seen this, or maybe might be able to replicate the behavior?

      jhorne:

        Turns out, it was me. I mistakenly upgraded the secondary node to 2.7.2, but forgot to upgrade the primary node and it was still 2.7.0. HA sync was not working due to this error, so this was not a pfSense problem, it was a me problem :)

        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.