• Hi there,

    We have recently started converting some of our sites onto fibre connections as they become available in our areas. So far we have done 2 separate sites, and on both sites I am experiencing the same issue.

    On our normal setups our pfSense boxes are connected to a router that connects out, the router taking 1 of our public IP addresses and one ethernet card on the pfSense box taking the 2nd (Red interface).
    We then have 2 more ethernet cards on the pfSense (one for the local LAN, one for the untrusted LAN). On the pfSense box we have set it to have a phase 1 IPsec tunnel and then 3 phase 2 tunnels, those 3 tunnels being the local LAN, the untrusted LAN, and one to allow external contractors to remote into the untrusted LAN.

    That's all been fine in the past; however, now that we are on fibre, that Red tunnel does not come online. The other 2 do fine, just not that one for external support.

    This is the same whether I use a router or plug the pfSense box directly into the modem and let pfSense make the PPPoE connection.

    Any ideas why this might be?

    There are no traffic shapers in play, nothing that I can see that would stop it. And if I plug it back into an ADSL connection it then works fine.

  • Oh, and the tunnels are using:

    P2 Protocol    P2 Transforms       P2 Auth Methods
    ESP            AES (auto), 3DES    SHA1

    But I have tried them using AH for the P2 protocol as well, with the same result.

  • A rather strange development with regards to this issue.

    We had another site go onto fibre this year, and when it went online all 3 of its IPsec tunnels were online and well.

    I compared it side by side with another site that only had 2/3 tunnels up, and as far as I could tell they were identical, apart from the fact that one of its redundant IPsec tunnels (used for failover in the past but redundant since), which is disabled, had SHA1 and MD5 as authentication methods, and on the receiving end of the IPsec the exchange was set to Automatic.
    I have since tried replicating that on the 2/3 firewall, but still the same result.

    Now, even stranger: after about a week or 2 of those 3 tunnels being up, it has now only got 2/3 tunnels up itself!

    Anybody got any suggestions on this strangeness?

    Oh, and I have tried this on 2.1-RELEASE (i386) as well as 2.0-BETA5 (i386).