Netgate Discussion Forum

WAN firewall rules allowing UDP 500 & ESP

General pfSense Questions
5 Posts 2 Posters 2.0k Views
newbieuser1234:

I read on the pfSense site that you may have to allow firewall rules on WAN from your remote IPsec VPN site. I set up the Phase 1 and Phase 2 entries and they appear to work fine without the allow firewall rules on WAN for UDP 500 and ESP. Is there any reason why I would want to keep the WAN rules active? I assume the source address would be my remote IP and the destination * for UDP 500 & ESP?

      https://doc.pfsense.org/index.php/VPN_Capability_IPsec

jimp (Rebel Alliance Developer, Netgate):

If you have automatic VPN rules enabled (check System > Advanced, Firewall/NAT tab) then you don't need to add manual rules, as it will put in rules to allow the UDP and ESP traffic required from the remote peer IP address defined for the tunnel.

        Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

        Need help fast? Netgate Global Support!

        Do not Chat/PM for help!

newbieuser1234:
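To make the difference between the two rule shapes concrete, here is a small Python model of first-match WAN rule evaluation. It is an added example, not code from this thread, from pfSense or from Netgate, and it does not reproduce how pfSense generates its automatic rules; it only compares an "allow UDP 500 and ESP from any source" rule set with one pinned to the peer address, which is the manual equivalent jimp describes. All addresses are constructed documentation-range values, and the UDP 4500 (IKE NAT-T) rule is an assumption of this example; the thread itself only names UDP 500 and ESP. State tracking and NAT are left out.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

# Constructed sample addresses (hypothetical, not from the thread).
WAN_ADDR = "203.0.113.10"      # this pfSense box's WAN address
PEER_ADDR = "198.51.100.5"     # remote IPsec peer defined in Phase 1
STRANGER = "192.0.2.77"        # an unrelated Internet host


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str                   # "udp", "tcp" or "esp"
    dport: Optional[int] = None  # only meaningful for udp/tcp


@dataclass(frozen=True)
class Rule:
    action: str                    # "pass" or "block"
    proto: Optional[str] = None    # None matches any protocol
    src: Optional[str] = None      # CIDR or single IP; None matches any source
    dst: Optional[str] = None      # CIDR or single IP; None matches any destination (the "*" in the question)
    dport: Optional[int] = None    # None matches any port
    label: str = ""

    def matches(self, pkt: Packet) -> bool:
        if self.proto is not None and self.proto != pkt.proto:
            return False
        if self.src is not None and ip_address(pkt.src) not in ip_network(self.src):
            return False
        if self.dst is not None and ip_address(pkt.dst) not in ip_network(self.dst):
            return False
        if self.dport is not None and self.dport != pkt.dport:
            return False
        return True


def evaluate(rules, pkt: Packet):
    """First-match evaluation, as pfSense applies interface rules top-down;
    anything unmatched falls through to the implicit default deny on WAN."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.action, rule.label
    return "block", "default deny"


# Weak shape: UDP 500 and ESP allowed with the source left as "any".
OPEN_RULES = [
    Rule("pass", "udp", dport=500, label="IKE from anywhere"),
    Rule("pass", "esp", label="ESP from anywhere"),
]

# Tightened shape: source pinned to the peer, destination left as "*" as in the question.
# The UDP 4500 rule is this example's assumption for IKE NAT-T; the thread only names 500 and ESP.
PEER_RULES = [
    Rule("pass", "udp", src=PEER_ADDR, dport=500, label="IKE from peer"),
    Rule("pass", "udp", src=PEER_ADDR, dport=4500, label="IKE NAT-T from peer"),
    Rule("pass", "esp", src=PEER_ADDR, label="ESP from peer"),
]

# Constructed sample traffic arriving on WAN.
SAMPLE_TRAFFIC = {
    "ike_from_peer":     Packet(PEER_ADDR, WAN_ADDR, "udp", 500),
    "esp_from_peer":     Packet(PEER_ADDR, WAN_ADDR, "esp"),
    "ike_from_stranger": Packet(STRANGER, WAN_ADDR, "udp", 500),
    "esp_from_stranger": Packet(STRANGER, WAN_ADDR, "esp"),
    "ssh_from_peer":     Packet(PEER_ADDR, WAN_ADDR, "tcp", 22),
}


def audit(rules, traffic=SAMPLE_TRAFFIC):
    """Map each sample packet name to the action the rule set takes on it."""
    return {name: evaluate(rules, pkt)[0] for name, pkt in traffic.items()}


def exposed_by(rules, traffic=SAMPLE_TRAFFIC):
    """Names of packets from hosts other than the peer that the rule set passes."""
    return sorted(name for name, pkt in traffic.items()
                  if pkt.src != PEER_ADDR and evaluate(rules, pkt)[0] == "pass")


if __name__ == "__main__":
    for name, rules in (("open", OPEN_RULES), ("peer-only", PEER_RULES)):
        print(name, audit(rules), "exposed:", exposed_by(rules))
```

Run as a script it prints that the open set passes IKE and ESP from the stranger while the peer-only set passes only the tunnel traffic from the peer and drops everything else, including non-IPsec traffic from the peer itself. That is the property to check whichever way the rules are created: the pass rules should name the peer address, not any source.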

Which is safer: specifically allowing traffic from one source, or turning the other on?

jimp:

            In most cases they will be equivalent. But usually it's safer to disable the automatic rules and make your own.

newbieuser1234:

Thanks Jim.

Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.