Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Ipsec and gateways

    Scheduled Pinned Locked Moved IPsec
    2 Posts 1 Posters 770 Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • T
      thorolason
      last edited by

      I'm Setting up ipsec on one of your firewalls. I have ipsec running fine with stable results on other firewalls.

      What is special with this setup is that I have 2 gateways on the WAN interface. This is actually only to access the test environment, when in production I will only have 1 gateway.

      The problem arises that every time some ipsec configuration is done or ipsec restartet then pfsense adds a static host route to the default gw for the connection.

      I however dont want to use the default gw but the other gateway as stated in my routing table.
      Deleting the auto added static route to the default gateway replacing it with a host route works sometimes and sometimes not !

      i.e.
      normal routing table before ipsec started. (ip ar changed)

      default            100.101.102.217    UGS        0 120402057621    ix3
      200.201.202.176/29 100.101.102.220    UGS        0  165912    ix3
      200.201.202.178/32 100.101.102.220    UGS        0    1773    ix3

      after starting ipsec a host route is added automaticly to the default gw
      default            100.101.102.217    UGS        0 120402057621    ix3
      200.201.202.176/29 100.101.102.220    UGS        0  165912    ix3
      200.201.202.178    100.101.102.217    UGHS        0      11    ix3 =>
      200.201.202.178/32 100.101.102.220    UGS        0    1773    ix3

      after deleting the auto added route the tunnel sometimes works and somtetime does not

      default            100.101.102.217    UGS        0 120402057621    ix3
      200.201.202.176/29 100.101.102.220    UGS        0  165912    ix3
      200.201.202.178/32 100.101.102.220    UGS        0    1773    ix3

      cheers / Thor

      1 Reply Last reply Reply Quote 0
      • T
        thorolason
        last edited by

        Right so I figured out why it was sometimes working and sometimes not.

        When I do confguration changes to ipsec - pfsense removes my static host route and replaces it with own.
        i.e after I do configuration changes to ipsec i have to:
        make a new static route
        delete the static route pfsense automatically added.

        In case of just restarting ipsec pfsense does not delete my static route
        i.e after restarting racoon i just need to purge the route pfsense added during the racoon restart.

        Ok workaround for my test setup, but it would be preferable if possible to define a gateway e.g. in the phase1 configuration.

        Cheers / Thor

        1 Reply Last reply Reply Quote 0
        • First post
          Last post
        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.