IPSEC rules loading error while bridging Wireless card to LAN interface



  • Morning,

    I get the following error in Diagnostics: Filter Reload Status while having my Wireless LAN card bridged to my LAN interface.
    Diagnostics: Filter Reload Status

    There were error(s) loading the rules:
    no IP address found for bridge0
    /tmp/rules.debug:141: could not parse host specification
    no IP address found for bridge0
    /tmp/rules.debug:142: could not parse host specification
    no IP address found for bridge0
    /tmp/rules.debug:143: could not parse host specification
    no IP address found for bridge0
    /tmp/rules.debug:144: could not parse host specification
    pfctl: Syntax error in config file: pf rules not loaded - The line in question reads [141]: pass out quick on $WirelessAccessInterface proto udp from $WirelessAccessInterface to xx.xx.xx.xxx port = 500 keep state label "IPSEC: Xxxxx IPSEC - outbound isakmp"…

    This page will automatically refresh every 3 seconds until the filter is done reloading.

    It's pretty clear what it says: it can't align any rules to the bridge0 interface, since it has no IP address due to the bridging process.

    So my question is: can I change any rules by hand?
    Because as long as it can't align such rules, it won't establish any IPSEC connection with my other peer.
    Would changing the interface name "$WirelessAccessInterface" to "lan" in /tmp/rules.debug help? Or does anyone have a better solution?

    It does say in my /tmp/rules.debug config:

    VPN Rules

    pass out quick on $wan proto udp from $wan to xx.xx.xx.xxx port = 500 keep state label "IPSEC: xxxxx IPSEC - outbound isakmp"
    pass in quick on $wan proto udp from xx.xx.xx.xxx to $wan port = 500 keep state label "IPSEC: xxxxx IPSEC - inbound isakmp"
    pass out quick on $wan proto esp from $wan to xx.xx.xx.xxx keep state label "IPSEC: xxxxx IPSEC - outbound esp proto"
    pass in quick on $wan proto esp from xx.xx.xx.xxx to $wan keep state label "IPSEC: xxxxx IPSEC - inbound esp proto"
    pass out quick on $WirelessAccessInterface proto udp from $WirelessAccessInterface to xx.xx.xx.xxx port = 500 keep state label "IPSEC: xxxxx IPSEC - outbound isakmp"
    pass in quick on $WirelessAccessInterface proto udp from xx.xx.xx.xxx to $WirelessAccessInterface port = 500 keep state label "IPSEC: xxxxx IPSEC - inbound isakmp"
    pass out quick on $WirelessAccessInterface proto esp from $WirelessAccessInterface to xx.xx.xx.xxx keep state label "IPSEC: xxxxx IPSEC - outbound esp proto"
    pass in quick on $WirelessAccessInterface proto esp from xx.xx.xx.xxx to $WirelessAccessInterface keep state label "IPSEC: xxxxx IPSEC - inbound esp proto"



  • What version?



  • pfSense-1.0-RC2-Embedded-128-meg

    Sorry, forgot to mention that :(



  • Bzzt.  1.0-RC3 is out.  Upgrade.



  • Yes, and that error was fixed right after RC2 was released, with RC2a or b, if I recall correctly.
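
Added example, not part of the thread or of pfSense: a Python script that pairs each pfctl message from the Filter Reload Status output above with the rule line it points at and the macro that named the address-less interface, and reports whether the ruleset was rejected. The macro definitions, the interface name vr1, the address 192.0.2.10 and the line numbers in the sample are constructed placeholders.

```python
import re

# pfctl names the address-less interface, then the file and line of the rule
# that used it as a host. The web GUI may run both messages together.
ERR = re.compile(r"no IP address found for (\w+)\s*(/[^\s:]+):(\d+): "
                 r"could not parse host specification")
MACRO = re.compile(r'^\s*(\w+)\s*=\s*"([^"]*)"', re.M)  # pf.conf macro: name = "value"

def parse_errors(output):
    """Return [(line_number, interface)] for every failed host lookup."""
    return [(int(n), ifname) for ifname, _path, n in ERR.findall(output)]

def explain(output, rules_text):
    """Attach to each error the rule text and the macro naming the interface."""
    lines = rules_text.splitlines()
    macros = {value: name for name, value in MACRO.findall(rules_text)}
    report = []
    for lineno, ifname in parse_errors(output):
        rule = lines[lineno - 1].strip() if 0 < lineno <= len(lines) else None
        report.append({"line": lineno, "interface": ifname,
                       "macro": macros.get(ifname), "rule": rule})
    return report

def ruleset_loaded(output):
    """False when pfctl reported that it rejected the rules file."""
    return "pf rules not loaded" not in output

# Constructed sample: macro values, vr1 and 192.0.2.10 are placeholders.
SAMPLE_RULES = '''wan = "vr1"
WirelessAccessInterface = "bridge0"
pass out quick on $wan proto udp from $wan to 192.0.2.10 port = 500 keep state
pass out quick on $WirelessAccessInterface proto udp from $WirelessAccessInterface to 192.0.2.10 port = 500 keep state
pass in quick on $WirelessAccessInterface proto esp from 192.0.2.10 to $WirelessAccessInterface keep state
'''
SAMPLE_OUTPUT = (
    "no IP address found for bridge0/tmp/rules.debug:4: could not parse host specification "
    "no IP address found for bridge0\n/tmp/rules.debug:5: could not parse host specification\n"
    "pfctl: Syntax error in config file: pf rules not loaded")

if __name__ == "__main__":
    print("ruleset loaded:", ruleset_loaded(SAMPLE_OUTPUT))
    for item in explain(SAMPLE_OUTPUT, SAMPLE_RULES):
        print(item["line"], item["interface"], item["macro"], item["rule"])
```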

