IPsec dpinger pings dropped on WAN
-
Running into a very strange issue here.
I've set up an IPsec tunnel - in VTI mode - between 2x pfsense appliances.
P1/P2 comes up but the gateway is showing as Offline, PacketLoss 100%. I went over to my firewall logs to review, as I know for testing we have wide open rules on IPsec interface to permit pings, and I see this flooding my logs
Those are the VTI addresses on each side, with 10.6.106.6 being the remote pfsense.
Something funky is happening. Obviously the 10/address isn't routable over the internet but somehow my WAN is seeing it and blocking it by default rule.
Additionally I am not able to ping any of the remote networks, and I have a static route in place and I see outbound states being created.
-
Solved!!
There was another P2 active.
So I think I know what happened. When the IPsec tunnel was first set up, it was in tunnel mode. Switched over to VTI but the other P2 was still there. Somehow there was a conflict. After deleting the old P2, things are looking good. Leaving this here for future me or anyone else.