2.2.1 - Have to reload filter manually after IPSEC tunnel establishes



  • Hello,

    We have 2 pfSense firewalls both running 2.2.1.  We have an IPSEC site-site tunnel between them that has been causing no end of problems since the upgrade to 2.2 (and continues in 2.2.1).

    Now the tunnel establishes straight away but no traffic will pass.  If we go to each box and manually reload the filter then traffic starts to flow.

    Has anyone else seen this? Or can anyone offer a solution?

    Thank you

    M

    UPDATE1: After about an hour the filter yet again has to be reloaded, but now it's totally unreliable and throwing away lots of traffic.



  • We are seeing similar firewall problems with our remote administrator alias list.  After upgrade to 2.2.1 it randomly stops allowing traffic through the firewall that is based on that alias.
    From our main office we can hit them over the vpn connections.  Unfortunately we do not have a vpn connection from home to every router so that complicates life.  That was the purpose of the allowed list.  Whatever happens it usually clears itself up after some time.



  • I am seeing this as well; however, I didn't realize that was the problem and was digging into the IPSec connection settings until I ran across this post, stopping and starting IPSec services, etc. Reloading the filter is the fix. I haven't figured out anything more on why yet, but now that I know it's a filter issue and not an IPSec issue, I at least know where to look now.

