Tunnel to /23 subnet?

  • Are there any known issues with tunnels involving /23 networks? When I try to set one up between two pfSense boxes, Phase 1 negotiation completes successfully but Phase 2 just spins its wheels.

    2.0-BETA4 (i386)
    built on Wed Nov 24 03:27:06 EST 2010

    Shouldn't be any problems, no different than any other subnet.

    As long as the phase 2 info matches exactly, it should work. Anything in the IPsec logs on either side about it?

  • Thanks, glad to know it's expected to work, at least. Logs just show the usual …

    racoon: ERROR: failed to pre-process packet.
    racoon: ERROR: failed to get sainfo.

    ... but if I adjust masks on both sides to /24 then the tunnel comes up right away.

    I'll try debug mode later today.

  • Oops! Just needed to make a simple Phase 2 setting adjustment, of course.

    the local pfSense LAN IP address is …

    ... so initially I had set the remote tunnel to connect to ...

    ... but upon reviewing racoon debug output, I realized that for a /23 network it should actually be ...

    That would do it. :-)
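
The "phase 2 info matches exactly" check from the thread, as an added example that is not part of the original posts: it compares what each peer typed for its local and remote networks and flags any entry whose address is not the network address for its prefix. The addresses are constructed and are not the ones elided in the posts; the function names and the assumption that the mismatch is a selector not on the /23 boundary are this example's own.

```python
import ipaddress

def canonical(selector):
    """Return (network, has_host_bits) for an 'address/prefix' selector."""
    iface = ipaddress.ip_interface(selector)
    return iface.network, iface.ip != iface.network.network_address

def check_phase2(side_a, side_b):
    """List the problems that stop two peers' Phase 2 definitions agreeing.

    Each side is a dict with 'local' and 'remote' selectors as entered.
    A's local must equal B's remote exactly, and the reverse.
    """
    problems = []
    for name, side in (("A", side_a), ("B", side_b)):
        for key in ("local", "remote"):
            net, has_host_bits = canonical(side[key])
            if has_host_bits:
                problems.append(
                    f"{name}.{key} {side[key]} is not a network address; "
                    f"the /{net.prefixlen} network is {net}")
    for a_key, b_key in (("local", "remote"), ("remote", "local")):
        a_sel = ipaddress.ip_interface(side_a[a_key])
        b_sel = ipaddress.ip_interface(side_b[b_key])
        if a_sel != b_sel:  # strict comparison, no silent normalisation
            problems.append(
                f"A.{a_key} {a_sel} does not match B.{b_key} {b_sel}")
    return problems

# Constructed sample: B's LAN is a /23, but A entered an address that is
# only a valid network address for a /24.
SIDE_B = {"local": "10.20.0.0/23", "remote": "10.10.0.0/24"}
SIDE_A_BAD = {"local": "10.10.0.0/24", "remote": "10.20.1.0/23"}
SIDE_A_FIXED = {"local": "10.10.0.0/24", "remote": "10.20.0.0/23"}

if __name__ == "__main__":
    for label, side_a in (("before", SIDE_A_BAD), ("after", SIDE_A_FIXED)):
        found = check_phase2(side_a, SIDE_B)
        print(label, "->", found or "selectors match")
```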

