Netgate Discussion Forum

    IKEv2 / Multiple Phase 2 issue

      rmancinelli

      So now that I've stopped pulling my hair out, I thought I would share this in the event that it helps someone else.

      Using pfSense 2.2.2 (and then 2.2.4), building an IPSec tunnel to a Sonic Wall.  There were two Phase 2 entries (one for each LAN on the Sonic Wall end) and every time I tried to bring the VPN tunnel up, one Phase 2 or the other would pass traffic, but never both.  Oddly, there were times when one would pass a few packets (3-5) and then yield to the other tunnel permanently.

      I changed everything I could think of, but could not get it to work.  I even saw a reference to an old bug that said if you copy your first Phase 2 entry to create your second Phase 2 entry, there were issues.  This was supposedly resolved in 2.2.1 as I recall, but tried the workaround of creating manually and still had no love.

      Stepped back to IKEv1 Main Mode on both ends and it came up, stayed up, and everything seems to be happy now.

      At this point I am 99% sure I've encountered a bug of some sort...

      Rick
      (human flypaper)

        cmb

        Sonicwall has the same bug/lacking feature as Cisco ASAs with IKEv2 there.
        https://redmine.pfsense.org/issues/4704
