Bug? pfsense sends ISAKMP IKE_AUTH (udp 4500) packets out without NAT



  • Well, here's an odd one:

    My AT&T microcell quit working a few days ago. After much troubleshooting, I finally found that the microcell was sending ISAKMP IKE_AUTH packets (udp port 4500). By wiresharking the ethernet connection between my pfsense box and the DSL modem (configured as a bridge), I saw that pfsense was sending the packets out to the internet with the source IP address set as the internal IP address of the microcell instead of pfsense's public IP!

    The only way I could get it to translate the source address was to turn off automatic outbound rule generation, and create a manual rule at the top of the list to specifically handle udp 4500 packets.

    Now here's the odd part:

    I've been running pfsense 2.1 for several months with everything working great, except that, sporadically, my Asterisk system loses the ability to register with my VoIP provider.

    I've been dinking around with various pfsense settings (as suggested in other posts around here).

    The microcell has been working fine in the past. I don't know if any of the tweaking I was doing for Asterisk caused the problem, or whether perhaps AT&T downloaded new firmware to the microcell that made it start using udp 4500 where it hadn't before.
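A quick way to confirm the leak the post describes from a capture on the WAN side, as an added example that is not part of the original post: it reads `tcpdump -n` style lines (the capture text below is constructed; `em0` as the WAN name is an assumption) and flags packets to UDP 4500 whose source address is still an RFC 1918 address, i.e. traffic that left the firewall without outbound NAT.

```shell
# Constructed sample of "tcpdump -n -i em0 udp port 4500" style output
# (em0 is an assumed WAN interface name; addresses are documentation ranges).
SAMPLE_CAPTURE='12:00:01.000001 IP 192.168.1.50.4500 > 203.0.113.10.4500: UDP-encap: ESP(spi=0x00000001,seq=0x1), length 100
12:00:02.000001 IP 198.51.100.7.4500 > 203.0.113.10.4500: UDP-encap: ESP(spi=0x00000001,seq=0x2), length 100
12:00:03.000001 IP 192.168.1.50.5060 > 203.0.113.20.5060: SIP: REGISTER sip:example.invalid
12:00:04.000001 IP 10.0.0.9.4500 > 203.0.113.10.4500: isakmp-nat-keep-alive'

# Read tcpdump -n output on stdin. Print every line where a packet bound for
# UDP port 4500 (IKE/ESP NAT-T) still carries a private (RFC 1918) source
# address, which on a WAN capture means outbound NAT did not apply.
# Returns 1 when at least one such packet is seen, 0 when the capture is clean.
find_unnatted_nat_t() {
  awk '
    # True when a dotted-quad address is in 10/8, 172.16/12 or 192.168/16.
    function is_private(ip,   o) {
      split(ip, o, ".")
      return o[1] == 10 || (o[1] == 192 && o[2] == 168) || \
             (o[1] == 172 && o[2] >= 16 && o[2] <= 31)
    }
    # tcpdump -n IPv4 lines look like: "<ts> IP <src>.<sport> > <dst>.<dport>: ..."
    $2 == "IP" {
      dst = $5; sub(/:$/, "", dst)
      n = split(dst, d, "."); dport = d[n]
      if (dport != "4500") next               # only NAT-T traffic is of interest
      sip = $3; sub(/\.[0-9]+$/, "", sip)     # drop the source port
      if (is_private(sip)) { print "LEAK: " $0; leaks++ }
    }
    END { exit leaks > 0 }'
}

# Stand-alone run against the constructed capture.
printf '%s\n' "$SAMPLE_CAPTURE" | find_unnatted_nat_t \
  || echo "unNATed NAT-T traffic seen on the WAN: check the outbound NAT rules"
```

On a live box the same function can be fed from `tcpdump -n -i <wan> udp port 4500`; an empty result after adding the manual outbound rule confirms the fix took effect.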