Netgate Discussion Forum

    IPSec won't route to a different Gateway

    2.1 Snapshot Feedback and Problems - RETIRED
    7 Posts 2 Posters 2.1k Views
    • ckraimer

      I am trying to route my IPSec connections out a vpn pipe instead of WAN.  It seems as though no matter what I do the traffic continues to go out the WAN.  This worked fine on 2.0.3.  I'm on today's build of 2.1 and here is my IPSec routing:

      IPv4 * * * * * VPN_VPNV4 none

      I believe this to be a bug in 2.1.

      • jimp Rebel Alliance Developer Netgate

        Try a new snapshot from today or tomorrow; I believe someone committed a fix that might be relevant last night. I think it was ignoring 0.0.0.0/0 in IPsec P2's.

        • ckraimer

          I upgraded to this build: 2.1-RC0 (amd64) built on Tue Jun 4 08:40:43 EDT 2013

          and continue to see the same behavior.  I'll try again in a couple days.

          • ckraimer

            I upgraded again and I think things are a little worse now.
            The attachment shows the ipsec log with all kinds of interesting events.

            [ipsec log.txt](/public/imported_attachments/1/ipsec log.txt)

            • ckraimer

              The latest updates have improved the crashing of ipsec for me, so we're back to the original problem.  However, upon a closer look, the routing problem appears to be on the client side.  The traffic is not routing through the vpn on the client.

              • ckraimer

                I made an interesting discovery - I have 2 pfSense boxes - one is 2.0.3 and the other is 2.1.  The IPsec servers are configured exactly the same, and I used the same client, just changed the server I was connecting to.  I don't know much about these things, but something seems wrong here.  192.168.111.10 is the random address I give my IPsec VPN client.

                Here are the routing tables from each:

                2.1 and Broken:
                IPv4 Route Table

                Active Routes:
                Network Destination        Netmask          Gateway      Interface  Metric
                          0.0.0.0          0.0.0.0      192.168.X.X    192.168.X.X92    110
                          0.0.0.0          0.0.0.0        On-link    192.168.111.10    31
                  <public ip.171>  255.255.255.255      192.168.X.X    192.168.X.X92    11
                Other irrelevant things*

                2.0.3 and Working:
                IPv4 Route Table

                Active Routes:
                Network Destination        Netmask          Gateway      Interface  Metric
                          0.0.0.0          0.0.0.0      192.168.X.X    192.168.X.X92    10
                  <public ip.216>  255.255.255.255      192.168.X.X    192.168.X.X92    11
                Other irrelevant things*

                • ckraimer

                  I tried everything I could think of but couldn't get traffic to flow through ipsec vpn.
                  My OpenVPN is hosed in 2.1 as well; I can't run a server and a client at the same time, and these errors are thrown every minute:
                  MANAGEMENT: Client connected from /var/etc/openvpn/server1.sock
                  MANAGEMENT: CMD 'status 2'
                  MANAGEMENT: CMD 'quit'
                  write to TUN/TAP : Invalid argument (code=22)

                  I'd really like to see 2.1 ready for production but it seems quite rough at this point from a vpn perspective.  How can I help to resolve all of these vpn issues?
