Netgate Discussion Forum

    2.2.1 - Have to reload filter manually after IPSEC tunnel establishes

      madas

      Hello,

      We have 2 pfSense firewalls both running 2.2.1. We have an IPSEC site-site tunnel between them that has been causing no end of problems since the upgrade to 2.2 (and continues in 2.2.1).

      Now the tunnel establishes straight away but no traffic will pass. If we go to each box and manually reload the filter then traffic starts to flow.

      Has anyone else seen this, or can anyone offer a solution?

      Thank you

      M

      UPDATE1: After about an hour the filter yet again has to be reloaded, but now it's totally unreliable and throwing away lots of traffic.

        lw9474

        We are seeing similar firewall problems with our remote administrator alias list.  After upgrade to 2.2.1 it randomly stops allowing traffic through the firewall that is based on that alias.
        From our main office we can hit them over the vpn connections.  Unfortunately we do not have a vpn connection from home to every router so that complicates life.  That was the purpose of the allowed list.  Whatever happens it usually clears itself up after some time.

          dweimer

          I am seeing this as well; however, I didn't realize that was the problem and was digging into the IPSec connection settings until I ran across this post, stopping and starting IPSec services, etc.; reloading the filter is the fix. I haven't figured out anything more on why yet, but now that I know it's a filter issue and not an IPSec issue, I at least know where to look.
