Tunnel to /23 subnet?
-
Are there any known issues with tunnels involving /23 networks? When I try to set one up between two pfSense boxes, Phase 1 negotiation completes successfully but Phase 2 just spins its wheels.
2.0-BETA4 (i386)
built on Wed Nov 24 03:27:06 EST 2010
-
Shouldn't be any problems, no different than any other subnet.
As long as the phase 2 info matches exactly, it should work. Anything in the IPsec logs on either side about it?
-
Thanks, glad to know it's expected to work, at least. Logs just show the usual …
racoon: ERROR: failed to pre-process packet.
racoon: ERROR: failed to get sainfo.
... but if I adjust masks on both sides to /24 then the tunnel comes up right away.
I'll try debug mode later today.
-
Oops! Just needed to make a simple Phase 2 setting adjustment, of course.
The local pfSense LAN IP address is …
x.x.2.x/23... so initially I had set the remote tunnel to connect to ...
x.x.2.0/23... but upon reviewing racoon debug output, I realized that for a /23 network it should actually be ...
x.x.1.0/23
-
That would do it. :-)
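
The advice earlier in the thread is that the Phase 2 info must match exactly on both sides. As an added example (not part of the original thread), this Python check compares two sides' Phase 2 subnet entries, address and mask together, and flags any entry that is not on a network boundary for its prefix. The function names and the 10.x addresses are constructed for illustration.

```python
import ipaddress

def check_selector(cidr):
    """Return (network, aligned) for one Phase 2 subnet entry.

    aligned is False when the address has host bits set for its prefix,
    i.e. it is not the network address of the subnet it names.
    """
    iface = ipaddress.ip_interface(cidr)
    return iface.network, iface.ip == iface.network.network_address

def compare_phase2(side_a, side_b):
    """Each side is {"local": cidr, "remote": cidr}; returns a list of problems."""
    problems = []
    for name, side in (("A", side_a), ("B", side_b)):
        for role in ("local", "remote"):
            net, aligned = check_selector(side[role])
            if not aligned:
                problems.append(
                    f"{name}.{role} {side[role]} is not on a network boundary "
                    f"(that prefix names {net})")
    # Address AND mask must mirror each other across the tunnel.
    for a_role, b_role in (("local", "remote"), ("remote", "local")):
        a = ipaddress.ip_interface(side_a[a_role])
        b = ipaddress.ip_interface(side_b[b_role])
        if a != b:
            problems.append(f"A.{a_role} {a} does not match B.{b_role} {b}")
    return problems

if __name__ == "__main__":
    # Constructed sample configs (RFC 1918 addresses, not from the thread).
    site_a = {"local": "10.10.2.0/23", "remote": "10.20.4.0/23"}
    site_b = {"local": "10.20.4.0/23", "remote": "10.10.2.0/24"}  # wrong mask
    for line in compare_phase2(site_a, site_b) or ["Phase 2 selectors match"]:
        print(line)
```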