Netgate Discussion Forum

    Ipsec and gateways

    IPsec
thorolason:

I'm setting up IPsec on one of your firewalls. I have IPsec running fine with stable results on other firewalls.

What is special with this setup is that I have 2 gateways on the WAN interface. This is actually only to access the test environment; when in production I will only have 1 gateway.

The problem arises that every time some IPsec configuration is done or IPsec is restarted, pfSense adds a static host route to the default gw for the connection.

I however don't want to use the default gw but the other gateway as stated in my routing table.
Deleting the auto-added static route to the default gateway and replacing it with a host route works sometimes and sometimes not!

i.e.
Normal routing table before IPsec started (IP addresses changed):

default            100.101.102.217    UGS        0 120402057621    ix3
200.201.202.176/29 100.101.102.220    UGS        0  165912    ix3
200.201.202.178/32 100.101.102.220    UGS        0    1773    ix3

After starting IPsec a host route is added automatically to the default gw:

default            100.101.102.217    UGS        0 120402057621    ix3
200.201.202.176/29 100.101.102.220    UGS        0  165912    ix3
200.201.202.178    100.101.102.217    UGHS        0      11    ix3 =>
200.201.202.178/32 100.101.102.220    UGS        0    1773    ix3

After deleting the auto-added route the tunnel sometimes works and sometimes does not:

default            100.101.102.217    UGS        0 120402057621    ix3
200.201.202.176/29 100.101.102.220    UGS        0  165912    ix3
200.201.202.178/32 100.101.102.220    UGS        0    1773    ix3

cheers / Thor

thorolason:

Right so I figured out why it was sometimes working and sometimes not.

When I do configuration changes to IPsec, pfSense removes my static host route and replaces it with its own.
i.e. after I do configuration changes to IPsec I have to:
make a new static route
delete the static route pfSense automatically added.

In case of just restarting IPsec, pfSense does not delete my static route,
i.e. after restarting racoon I just need to purge the route pfSense added during the racoon restart.

OK, workaround for my test setup, but it would be preferable if possible to define a gateway, e.g. in the phase 1 configuration.

Cheers / Thor
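An added check for the situation described in both posts (example script written for this thread, not from the original poster or from pfSense): it parses `netstat -rn` style output, reports any entry for the IPsec peer that is routed via a gateway other than the intended one, and prints the route(8) commands for the workaround the poster ended up using. The addresses are the changed ones from the post, reused here as constructed sample input; the live `netstat -rn -f inet` invocation at the end is an assumed usage.

```shell
#!/bin/sh
# Added example (not from the original thread). Checks whether the IPsec peer's
# host route(s) point at the intended WAN gateway, using the `netstat -rn`
# column layout shown in the post (destination, gateway, flags, ...).

# Constructed sample input: the tables from the post, with its (changed) addresses.
BEFORE_IPSEC='default            100.101.102.217    UGS        0 120402057621    ix3
200.201.202.176/29 100.101.102.220    UGS        0  165912    ix3
200.201.202.178/32 100.101.102.220    UGS        0    1773    ix3'

AFTER_IPSEC='default            100.101.102.217    UGS        0 120402057621    ix3
200.201.202.176/29 100.101.102.220    UGS        0  165912    ix3
200.201.202.178    100.101.102.217    UGHS        0      11    ix3 =>
200.201.202.178/32 100.101.102.220    UGS        0    1773    ix3'

# check_peer_routes TABLE PEER WANTED_GW
# Prints the gateway of every entry for PEER (bare host entry or PEER/32) that
# does not use WANTED_GW, one per line. Returns 0 when every entry is correct,
# 1 when an unwanted entry (such as the auto-added host route) is present.
check_peer_routes() {
    _wrong=$(printf '%s\n' "$1" | awk -v p="$2" -v g="$3" '
        ($1 == p || $1 == (p "/32")) && $2 != g { print $2 }')
    [ -z "$_wrong" ] && return 0
    printf '%s\n' "$_wrong"
    return 1
}

# fix_commands PEER WRONG_GW WANTED_GW
# Prints the route(8) commands for the workaround described in the post:
# remove the auto-added host route, then add a host route via the wanted gateway.
fix_commands() {
    printf 'route delete -host %s %s\n' "$1" "$2"
    printf 'route add -host %s %s\n' "$1" "$3"
}

# Live use on the firewall (assumed invocation, commented out so the script runs offline):
# check_peer_routes "$(netstat -rn -f inet)" 200.201.202.178 100.101.102.220 \
#     || fix_commands 200.201.202.178 100.101.102.217 100.101.102.220
```

Run against the post's "after starting IPsec" table, the check reports 100.101.102.217 and exits non-zero; against the "before" table it is silent and exits 0.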
