Help sending flows to an IPsec destination

sipple31

I have a branch office running a Netgate 7541.  Default route over IPsec back to HQ.  I want to capture flows and send them back to our Orion server at HQ.  I've tried both softflowd and pfflowd with the same results.  I do this at some of our other locations with an ASA 5505… so it shouldn't be impossible.

thanks!

jimp

You'll have to nudge the firewall to send the flows from a source of the LAN IP or similar, usually with a static route.

sipple31

I tried a static route without success.  Will attach some screenshots.  The source ping works fine.

Flow is below:

172.20.10.254 |pfsense| public IP <ipsec>internet <ipsec>|Corporate ASA| 172.20.1.1 <> 172.20.1.68 (Netflow Receiver)

</ipsec></ipsec>

sipple31

also tried setting the static route to 0.0.0.0/1 … flows still not making it.  I also did a pcap to confirm they are not making it.  I feel like I'm missing something simple......  :-\

EDIT: BAH. Nevermind. pfflowd works with the static route in place. I absolutely could not get softflowd to work over IPsec. I'm happy.