    Mobile VPN does not add udp/esp rules if using IP Alias as responder

      ltctech last edited by

      If you configure a different responder IP address for Mobile VPN (IKEv2), pfSense is not able to add the necessary rules into the firewall to enable udp/esp to enter.

      The following comment appears next to the VPN rules in rule.debug:

      Could not locate interface for IPsec: Mobile VPN

      I have to add them in manually and it works fine, but it's somewhat annoying. Is this a known issue?

        cmb last edited by

        Is that an IP alias on localhost? In that circumstance, it can't determine the source of the traffic, so it omits the rules.

          ltctech last edited by

          Not sure what you mean by IP alias of localhost. It's a Virtual IP Address/IP Alias configured on the WAN interface. It is then chosen in the interface entry of Phase 1, instead of the WAN interface.

          The reason I do this is to avoid exposing the Mobile VPN on the router's primary IP address.
