    2.2.1 - Have to reload filter manually after IPSEC tunnel establishes

    IPsec
    • M
      madas last edited by

      Hello,

      We have 2 pfSense firewalls both running 2.2.1. We have an IPSEC site-site tunnel between them that has been causing no end of problems since the upgrade to 2.2 (and continues in 2.2.1).

      Now the tunnel establishes straight away but no traffic will pass.  If we go to each box and manually reload the filter then traffic starts to flow.

      Has anyone else seen this, or can anyone offer a solution?

      Thank you

      M

      UPDATE1: After about an hour the filter yet again has to be reloaded, but now it's totally unreliable and throwing away lots of traffic.

      • L
        lw9474 last edited by

        We are seeing similar firewall problems with our remote administrator alias list.  After upgrade to 2.2.1 it randomly stops allowing traffic through the firewall that is based on that alias.
        From our main office we can hit them over the vpn connections.  Unfortunately we do not have a vpn connection from home to every router so that complicates life.  That was the purpose of the allowed list.  Whatever happens it usually clears itself up after some time.

        • D
          dweimer last edited by

          I am seeing this as well; however, I didn't realize that was the problem and was digging into the IPSec connection settings until I ran across this post, stopping and starting IPSec services, etc.; reloading the filter is the fix. I haven't figured out anything more on why yet, but now that I know it's a filter issue and not an IPSec issue, I at least know where to look now.
