4. IKEv2 / Multiple Phase 2 issue

IKEv2 / Multiple Phase 2 issue

  • R

    So now that I've stopped pulling my hair out, I thought I would share this in the event that it helps someone else.

    Using pfSense 2.2.2 (and then 2.2.4), building an IPSec tunnel to a Sonic Wall.  There were two Phase 2 entries (one for each LAN on the Sonic Wall end) and every time I tried to bring the VPN tunnel up, one Phase 2 or the other would pass traffic, but never both.  Oddly, there were times when one would pass a few packets (3-5) and then yield to the other tunnel permanently.

    I changed everything I could think of, but could not get it to work.  I even saw a reference to an old bug that said if you copy your first Phase 2 entry to create your second Phase 2 entry, there were issues.  This was supposedly resolved in 2.2.1 as I recall, but tried the workaround of creating manually and still had no love.

    Stepped back to IKEv1 Main Mode on both ends and it came up, stayed up, and everything seems to be happy now.

    At this point I am 99% sure I've encountered a bug of some sort….......

    Rick
    (human flypaper)

    0
  • C

    Sonicwall has the same bug/lacking feature as Cisco ASAs with IKEv2 there.
    https://redmine.pfsense.org/issues/4704

    0
 

Products

Applications

Support

Services

News

Resources

Company

Our Mission

As host of the pfSense open source firewall project, Netgate believes in enhancing network connectivity that maintains both security and privacy. We also believe everyone should be able to afford it.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2002 - 2019 Rubicon Communications, LLC | Privacy Policy