Netgate Discussion Forum

    Disable filtering/scrubbing through VPN - How?

      ssheikh

      I have a site-to-site VPN as a fallback/backup link between three sites in a full mesh. The primary link is through (unreliable) MPLS.

      At each site I have Cisco routers that track the far-side MPLS routers using IP SLA monitor. If the MPLS link goes down, the routers flip the routes to the pfSense firewalls for traffic to be routed over the VPN.

      The VPNs are kept alive at all times through keep-alive. I have verified that they do stay up.

      The Cisco side of the setup works well.

      My problem is that all established TCP sessions drop when the route flips from the MPLS to the VPN. It appears that pfSense does a TCP state inspection of the packet and drops the packet because it did not see the session establish through it. I have verified this through different packet captures.

      Turning off scrubbing and packet filtering has no effect.

      This is through IPSec VPN. I have not tried OpenVPN.

      Ideas?

        ssheikh

        Gave up on trying to do this. Instead created tunnel interfaces on the Ciscos and am letting MPLS fail over to GRE tunnels. Working surprisingly well. Doing port forwarding for GRE for the IP of the router. Wanted to keep all the router IPs behind the firewall.

        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.