LAN not available after upgrading to 2.2



  • Hi all

    Has already created a theme here https://forum.pfsense.org/index.php?topic=89127.0, but there is no answer.

    If ipsec up with local network: LAN subnet –- remote network 0.0.0.0/0 when requests on lan ip pfsense sended on remote gateway.

    Diagnostics-Ping:
    on localhost - 0.0% packet loss
    on lan ip (statis on em0) - 100% packet loss

    pfSense can not process the requests from local network.
    Requests on pfsense of the remote network successful.

    If ipsec up with local network: LAN subnet --- remote network !(0.0.0.0/0) (for example 192.168.0.0/24): it's work!

    Web-gui is available from the lan network. DNS and authentification on AD also work.

    Diagnostics-Ping: lan ip pfsense - 0.0% packer loss.

    But I need exactly this policy (remote network 0.0.0.0/0).

    Is this a bug?



  • any ideas? What can be done check?



  • This is the expected end result given we don't add exclusions for the LAN IP anymore. That'll return in some manner in the future, likely automatically as previous versions did it for 2.2.2.



  • @cmb:

    This is the expected end result given we don't add exclusions for the LAN IP anymore. That'll return in some manner in the future, likely automatically as previous versions did it for 2.2.2.

    thank you



  • @cmb:

    This is the expected end result given we don't add exclusions for the LAN IP anymore. That'll return in some manner in the future, likely automatically as previous versions did it for 2.2.2.

    So does this mean I cannot have a remote gateway over IPsec anymore until the exclusions are added again?

    (for example as explained in https://doc.pfsense.org/index.php/Routing_internet_traffic_through_a_site-to-site_IPsec_tunnel)

    Hmm, that kind of sucks… Using the instructions described in the link above cause the local LAN to 'disappear' in a way that even clients cannot reach it anymore (and thus cannot access the internet via the IPsec tunnel). Anyone knows a workaround for this?


Log in to reply