    IPSec won't route to a different Gateway

    2.1 Snapshot Feedback and Problems - RETIRED
    • C
      ckraimer last edited by

      I am trying to route my IPSec connections out a vpn pipe instead of WAN.  It seems as though no matter what I do the traffic continues to go out the WAN.  This worked fine on 2.0.3.  I'm on today's build of 2.1 and here is my IPSec routing:

      IPv4 * * * * * VPN_VPNV4 none

      I believe this to be a bug in 2.1.

      • jimp
        jimp Rebel Alliance Developer Netgate last edited by

        Try a new snapshot from today or tomorrow, I believe someone committed a fix that might be relevant last night. I think it was ignoring 0.0.0.0/0 in IPsec P2's.

        • C
          ckraimer last edited by

          I upgraded to this build: 2.1-RC0 (amd64) built on Tue Jun 4 08:40:43 EDT 2013

          and continue to see the same behavior.  I'll try again in a couple days.

          • C
            ckraimer last edited by

            I upgraded again and I think things are a little worse now.
            The attachment shows the ipsec log with all kinds of interesting events.

            [ipsec log.txt](/public/imported_attachments/1/ipsec log.txt)

            • C
              ckraimer last edited by

              The latest updates have improved the crashing of ipsec for me, so we're back to the original problem.  However, upon a closer look, the routing problem appears to be on the client side.  The traffic is not routing through the vpn on the client.

              • C
                ckraimer last edited by

                I made an interesting discovery - I have 2 pfSense boxes - one is 2.0.3 and the other is 2.1.  The ipsec servers are configured exactly the same, and I used the same client, just changed the server I was connecting to.  I don't know much about these things, but something seems wrong here.  192.168.111.10 is the random address I give my ipsec vpn client.

                Here are the routing tables from each:

                2.1 and Broken:
                IPv4 Route Table

                Active Routes:
                Network Destination        Netmask          Gateway      Interface  Metric
                          0.0.0.0          0.0.0.0      192.168.X.X    192.168.X.X92    110
                          0.0.0.0          0.0.0.0        On-link    192.168.111.10    31
                  <public ip.171>  255.255.255.255      192.168.X.X    192.168.X.X92    11
                Other irrelevant things*

                2.0.3 and Work
                IPv4 Route Table

                Active Routes:
                Network Destination        Netmask          Gateway      Interface  Metric
                          0.0.0.0          0.0.0.0      192.168.X.X    192.168.X.X92    10
                  <public ip.216>  255.255.255.255      192.168.X.X    192.168.X.X92    11
                Other irrelevant things*

                • C
                  ckraimer last edited by

                  I tried everything I could think of but couldn't get traffic to flow through ipsec vpn.
                  My OpenVPN is hosed in 2.1 as well, I can't run a server and a client at the same time and these errors are thrown every minute:
                  MANAGEMENT: Client connected from /var/etc/openvpn/server1.sock
                  MANAGEMENT: CMD 'status 2'
                  MANAGEMENT: CMD 'quit'
                  write to TUN/TAP : Invalid argument (code=22)

                  I'd really like to see 2.1 ready for production but it seems quite rough at this point from a vpn perspective.  How can I help to resolve all of these vpn issues?
