Navigation

    Netgate Discussion Forum
    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search

    Draytek - pfSense established but no traffic

    IPsec
    2
    3
    2943
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • C
      cjking last edited by

      Hi,
      I have managed to connect a Draytek Vigor 2820 using lan-to-lan with pfSense, but cannot get any traffic to pass through it. TCPDUMP shows there is traffic going in and out of pfSense.

      When pinging a host from a NAT machine on the pfSense side:
      16:23:22.272130 IP (pfsense) > (office): AH(spi=0x1ba4eac7,seq=0x9f): IP 10.1.6.4 > 192.168.111.1: ICMP echo request, id 34350, seq 8, length 64 (ipip-proto-4)
      When pinging a host from a NAT machine in the office:
      16:24:37.185381 IP (office) > (pfsense): AH(spi=0x058e938a,seq=0x3d2): IP 192.168.111.40 > 10.1.5.200: ICMP echo request, id 24836, seq 1, length 64 (ipip-proto-4)

      I see no replies when pinging, and similar tcpdump traffic when attempting to connect to any TCP ports but no successful connection.
      I have an allow all rule on the IPSec tab of the firewall rules - am I missing anything else?

      Chris.

      1 Reply Last reply Reply Quote 0
      • C
        cjking last edited by

        Solved - I was using AH in phase 2. Changed to ESP and everything worked fine.

        1 Reply Last reply Reply Quote 0
        • J
          jockwatson last edited by

          Hi,

          would you share what configuration you used, I'm struggling with a 2800 at the moment?

          Cheers!

          1 Reply Last reply Reply Quote 0
          • First post
            Last post

          Products

          • Platform Overview
          • TNSR
          • pfSense
          • Appliances

          Services

          • Training
          • Professional Services

          Support

          • Subscription Plans
          • Contact Support
          • Product Lifecycle
          • Documentation

          News

          • Media Coverage
          • Press
          • Events

          Resources

          • Blog
          • FAQ
          • Find a Partner
          • Resource Library
          • Security Information

          Company

          • About Us
          • Careers
          • Partners
          • Contact Us
          • Legal
          Our Mission

          We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

          Subscribe to our Newsletter

          Product information, software announcements, and special offers. See our newsletter archive to sign up for future newsletters and to read past announcements.

          © 2021 Rubicon Communications, LLC | Privacy Policy