Netgate Discussion Forum

SOLVED : site-to-site with multiple vlan issue

IPsec
  • C
    corotte
    last edited by Jul 10, 2015, 2:46 AM Jun 27, 2015, 1:46 AM

    Hi,

    I tried to find a similar issue on the forum but did not find one.

    I'm working with two pfSense boxes, both 2.2.3.

    One box has 5 VLANs and the other one only a single LAN.

    They have been configured with a site-to-site IPsec VPN for a good while with 3 VLANs (since 2.1.1 if I remember well) and never had an issue until I tried to add a new VLAN in the Phase 2 ruleset in 2.2.2 a few weeks ago.

    I created the Phase 2 exactly like the other working ones, but this link won't establish and I see the exact same error as the network mismatch one in the pfSense IPsec troubleshooting guide: https://doc.pfsense.org/index.php/IPsec_Troubleshooting

    The problem is that the 3 others are still working except this one, and I've recreated it several times and recopied the same config.

    Here is a quick screenshot from both boxes.

    Has somebody had this issue before?

    EDIT: this last VLAN (VLAN5SECURITE 10.5.0.0/16) is the one that's giving me trouble.

    • V
      vbentley
      last edited by Jun 27, 2015, 9:46 AM

      Sorry, I can't really help with your issue.

      My VLANs do not share local or remote subnets.
      Each has a different IP range.
      Each VLAN interface has a unique IP address.
      The only thing that is shared is either a physical interface on pfSense or a physical port in an Ethernet switch.

      Trademark Attribution and Credit
      pfSense® and pfSense Certified® are registered trademarks of Electric Sheep Fencing, LLC in the United States and other countries.

      • G
        georgeman
        last edited by Jun 28, 2015, 8:16 PM

        Update to v2.2.3 and try again. v2.2.2 still had issues with multiple Ph2's

        If it ain't broke, you haven't tampered enough with it

        • C
          corotte
          last edited by Jun 29, 2015, 4:35 PM Jun 29, 2015, 12:14 AM

          They are already 2.2.3 as per the first post. It started in 2.2.2 when we needed to add this VLAN to the IPsec Phase 2 ruleset.

          I was hoping that 2.2.3 would fix this; it was not the case :(

          • C
            cmb
            last edited by Jun 29, 2015, 6:55 PM

            Double check Status>Interfaces on "box 1", I suspect it's not actually a /16 given the description.

            • C
              corotte
              last edited by Jul 3, 2015, 4:32 PM

              Sorry for the delay (had some holidays ;) )

              /16 is correct. 3 of the 4 VLANs are /16 and one is /24.

              I've double-checked on both sides to be sure and the settings are OK.

              • C
                corotte
                last edited by Jul 10, 2015, 2:46 AM

                Just for a positive update: it started working by itself without any intervention.

                I've lost part of the log (maybe the log rotate process …) but it looks like IPsec reset on 4th July and the faulty VLAN now works over IPsec.

                Very, very weird, but solved now :D
