IPSEC site to site originally ok, now it's not



  • I set up an ipsec connection between two of our offices. Both are running 2.03. After I set them up, everything seemed to work great. I could ping everyone in their office and vice versa. This has been working for a couple of weeks. I checked it today and was unable to ping either office from either site. Checking the connection under status shows a green connection button, on both pfsense boxes. I disconnected them, reconnected, lights are green on both routers, can't ping through the tunnel.

    No settings have been changed on either router. Where should I begin to look for a problem (I assume one of the logs will clue me in), and what should I be looking for to pinpoint the issue?

    Thanks for any help/advice.



  • Well, after trying static routes and adding separate firewall rules, I set everything back to its original state, then deleted the IPsec entries on both pfsense machines. I recreated them exactly the same as before. Everything is working again nicely. I am not sure if this is a known issue or bug. Granted, I am running an older version (2.03), so it may not even be a factor on 2.1. Regardless, hopefully it will save someone else a headache. ;)



  • @migsutu:

    No settings have been changed on either router. Where should I begin to look for a problem (I assume one of the logs will clue me in), and what should I be looking for to pinpoint the issue?

    I don't have any suggested causes, but yes, look through ipsec.log for any problems starting around the time you noticed the issue. I assume you were pinging by IP rather than hostnames, right, to rule out any resolver issues?

    Probably the logs shown on the GUI don't go back far enough, so open a shell session and 'clog /var/log/ipsec.log | less'. Page through system.log and routing.log for clues as well.

