IPSec won't route to a different Gateway



  • I am trying to route my IPSec connections out a vpn pipe instead of WAN.  It seems as though no matter what I do the traffic continues to go out the WAN.  This worked fine on 2.0.3.  I'm on today's build of 2.1 and here is my IPSec routing:

    IPv4 * * * * * VPN_VPNV4 none

    I believe this to be a bug in 2.1.


  • Rebel Alliance Developer Netgate

    Try a new snapshot from today or tomorrow, I believe someone committed a fix that might be relevant last night. I think it was ignoring 0.0.0.0/0 in IPsec P2's.



  • I upgraded to this build: 2.1-RC0 (amd64) built on Tue Jun 4 08:40:43 EDT 2013

    and continue to see the same behavior.  I'll try again in a couple days.



  • I upgraded again and I think things are a little worse now.
    The attachment shows the ipsec log with all kinds of interesting events.

    [ipsec log.txt](/public/imported_attachments/1/ipsec log.txt)



  • The latest updates have improved the crashing of ipsec for me, so we're back to the original problem.  However, upon a closer look, the routing problem appears to be on the client side.  The traffic is not routing through the vpn on the client.



  • I made an interesting discovery - I have 2 pfsense boxes - one is 2.0.3 and the other is 2.1.  The ipsec servers are configured exactly the same, and I used the same client, just changed the server I was connecting to.  I don't know much about these things, but something seems wrong here.  192.168.111.10 is the random address I give my ipsec vpn client.

    Here are the routing tables from each:

    2.1 and Broken:
    IPv4 Route Table

    Active Routes:
    Network Destination        Netmask          Gateway      Interface  Metric
              0.0.0.0          0.0.0.0      192.168.X.X    192.168.X.X92    110
              0.0.0.0          0.0.0.0        On-link    192.168.111.10    31
      <public ip .171>  255.255.255.255      192.168.X.X    192.168.X.X92    11
    Other irrelevant things*

    2.0.3 and Working:
    IPv4 Route Table

    Active Routes:
    Network Destination        Netmask          Gateway      Interface  Metric
              0.0.0.0          0.0.0.0      192.168.X.X    192.168.X.X92    10
      <public ip .216>  255.255.255.255      192.168.X.X    192.168.X.X92    11
    Other irrelevant things*
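To make the comparison between the two client tables above concrete, here is an added example (not code from the post or from pfSense) that parses Windows `route print` style output and applies the selection order Windows uses: longest prefix match first, then the lowest value in the Metric column as printed. The tables are reconstructed from the post with placeholder addresses standing in for the redacted ones (203.0.113.171 and 203.0.113.216 for the two `<public ip>` entries, 192.168.1.1 and 192.168.1.92 for 192.168.X.X and 192.168.X.X92); those placeholders are assumptions, as are the sample destinations.

```python
import ipaddress

# Constructed sample: the two "route print" tables from the post above, with the
# redacted values replaced by documentation-range placeholders (assumptions).
TABLE_21_BROKEN = """\
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1    192.168.1.92    110
          0.0.0.0          0.0.0.0          On-link  192.168.111.10     31
    203.0.113.171  255.255.255.255      192.168.1.1    192.168.1.92     11
"""

TABLE_203_WORKING = """\
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1    192.168.1.92     10
    203.0.113.216  255.255.255.255      192.168.1.1    192.168.1.92     11
"""


def parse_routes(text):
    """Turn the 'Active Routes' rows into dicts; header and blank lines are skipped."""
    routes = []
    for line in text.splitlines():
        parts = line.split()
        # Data rows have exactly five columns; the header line has six.
        if len(parts) != 5:
            continue
        dest, mask, gateway, iface, metric = parts
        net = ipaddress.ip_network(f"{dest}/{mask}", strict=False)
        routes.append({"net": net, "gateway": gateway,
                       "interface": iface, "metric": int(metric)})
    return routes


def select_route(routes, dst):
    """Pick the route Windows would use for dst.

    Rule: the most specific matching prefix wins; among equally specific
    routes the lowest metric wins. Returns None when nothing matches.
    """
    addr = ipaddress.ip_address(dst)
    candidates = [r for r in routes if addr in r["net"]]
    if not candidates:
        return None
    return min(candidates, key=lambda r: (-r["net"].prefixlen, r["metric"]))


def egress_interface(table_text, dst):
    """Convenience wrapper: which local interface address carries traffic to dst."""
    route = select_route(parse_routes(table_text), dst)
    return None if route is None else route["interface"]


if __name__ == "__main__":
    for name, table in (("2.1", TABLE_21_BROKEN), ("2.0.3", TABLE_203_WORKING)):
        for dst in ("198.51.100.5", "203.0.113.171", "203.0.113.216"):
            print(f"{name}: {dst} -> {egress_interface(table, dst)}")
```

Run against the 2.1 table, an arbitrary Internet destination such as 198.51.100.5 lands on the on-link 0.0.0.0/0 route through 192.168.111.10 (metric 31 beats 110), while the /32 host route keeps the VPN endpoint itself reachable via the WAN gateway so the tunnel does not route into itself. Against the 2.0.3 table there is no VPN default route at all, so everything leaves via 192.168.1.92. Checking a client's table this way is a quick sanity step before blaming the server side.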



  • I tried everything I could think of but couldn't get traffic to flow through ipsec vpn.
    My OpenVPN is hosed in 2.1 as well, I can't run a server and a client at the same time and these errors are thrown every minute:
    MANAGEMENT: Client connected from /var/etc/openvpn/server1.sock
    MANAGEMENT: CMD 'status 2'
    MANAGEMENT: CMD 'quit'
    write to TUN/TAP : Invalid argument (code=22)

    I'd really like to see 2.1 ready for production but it seems quite rough at this point from a vpn perspective.  How can I help to resolve all of these vpn issues?