Mobile VPN does not add udp/esp rules if using IP Alias as responder
-
If you configure a different responder IP address for Mobile VPN (IKEv2), pfSense is not able to add the necessary rules into the firewall to enable udp/esp to enter.
The following comment appears next to the VPN rules in rules.debug:
Could not locate interface for IPsec: Mobile VPN
I have to add them in manually and it works fine, but it's somewhat annoying. Is this a known issue?
-
Is that an IP alias on localhost? In that circumstance, it can't determine the source of the traffic, so it omits the rules.
-
Not sure what you mean by IP alias of localhost. It's a Virtual IP Address/IP Alias configured on the WAN interface. It is then chosen in the interface entry of Phase 1, instead of the WAN interface.
The reason I do this is to avoid exposing the Mobile VPN on the router's primary IP address.
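The check below is an added example, not code from the thread or from pfSense. It reproduces the symptom the first post describes (the "Could not locate interface for IPsec" comment and no pass rules for the responder VIP) against two constructed rules.debug samples, reports whether the IKE (udp/500, udp/4500) and ESP pass rules for a given VIP are present, and prints the three rules one would add by hand. The VIP 203.0.113.10, the interface macro $WAN and the exact shape of the generated rule lines are assumptions, so compare the output against your own /tmp/rules.debug before relying on it.

```shell
#!/bin/sh
# Added example (not from the original thread): check a pfSense rules.debug
# for the missing-IPsec-rule symptom and emit the rules to add manually.

# Constructed sample of a rules.debug where the VIP rules were omitted.
# The comment line is the one quoted in the thread; the rest is made up.
SAMPLE_MISSING='# VPN Rules
# Could not locate interface for IPsec: Mobile VPN
pass in quick on $WAN proto tcp from any to any port = 22 tracker 1000 keep state'

# Constructed sample with the three rules present (approximate form of what
# pfSense generates; assumed, not captured from a real system).
SAMPLE_FIXED='# VPN Rules
pass in quick on $WAN proto udp from any to 203.0.113.10 port = 500 tracker 1000000101 keep state label "IPsec: Mobile VPN - inbound isakmp"
pass in quick on $WAN proto udp from any to 203.0.113.10 port = 4500 tracker 1000000102 keep state label "IPsec: Mobile VPN - inbound nat-t"
pass in quick on $WAN proto esp from any to 203.0.113.10 tracker 1000000103 keep state label "IPsec: Mobile VPN - inbound esp proto"'

MISSING_FILE=$(mktemp "${TMPDIR:-/tmp}/rules.missing.XXXXXX")
FIXED_FILE=$(mktemp "${TMPDIR:-/tmp}/rules.fixed.XXXXXX")
printf '%s\n' "$SAMPLE_MISSING" > "$MISSING_FILE"
printf '%s\n' "$SAMPLE_FIXED" > "$FIXED_FILE"

# has_locate_warning FILE
# Succeeds if FILE carries the comment pfSense writes when it could not map
# the Phase 1 interface to a real interface.
has_locate_warning() {
  grep -q '^# Could not locate interface for IPsec:' "$1"
}

# ipsec_rules_missing FILE VIP
# Succeeds (exit 0) if any of the three inbound rules for VIP is absent,
# fails (exit 1) if udp/500, udp/4500 and esp are all present.
ipsec_rules_missing() {
  file=$1; vip=$2
  for want in "proto udp from any to $vip port = 500" \
              "proto udp from any to $vip port = 4500" \
              "proto esp from any to $vip"; do
    grep -qF -- "$want" "$file" || return 0
  done
  return 1
}

# print_manual_rules VIP IFACE
# Prints the pass rules to add by hand for an IKEv2 responder on VIP.
# Same shape as SAMPLE_FIXED above; the label text is an assumption.
print_manual_rules() {
  vip=$1; iface=$2
  printf 'pass in quick on $%s proto udp from any to %s port = 500 keep state label "IPsec: manual - inbound isakmp"\n' "$iface" "$vip"
  printf 'pass in quick on $%s proto udp from any to %s port = 4500 keep state label "IPsec: manual - inbound nat-t"\n' "$iface" "$vip"
  printf 'pass in quick on $%s proto esp from any to %s keep state label "IPsec: manual - inbound esp proto"\n' "$iface" "$vip"
}

# check_file FILE VIP
# Prints a one-line verdict for FILE; returns 0 when the file is healthy.
check_file() {
  file=$1; vip=$2
  if has_locate_warning "$file"; then
    echo "$file: 'Could not locate interface' comment present"
  fi
  if ipsec_rules_missing "$file" "$vip"; then
    echo "$file: IKE/ESP pass rules for $vip are missing; add these:"
    print_manual_rules "$vip" WAN | sed 's/^/    /'
    return 1
  fi
  echo "$file: IKE/ESP pass rules for $vip present"
  return 0
}

check_file "$MISSING_FILE" 203.0.113.10 || true
check_file "$FIXED_FILE" 203.0.113.10 || true
```

Run it as-is to see both verdicts; to check a live box, replace the two sample files with /tmp/rules.debug and the VIP you selected in the Phase 1 interface field. The check only confirms the rule lines exist, it does not prove pf loaded them, so follow up with `pfctl -sr | grep <vip>` on the firewall.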