IPSEC tunnel problem after upgrade to version 2.2.6

  • Hello.

    I have an IPSEC tunnel that was working till yesterday when I upgrade my PFSENSE to version 2.2.6.

    My tunnel have got configured  NAT/BINAT like this under Local Network in Phase 2 Config.

    As far as I know the first IP address PFsense is going to use to present itself at the other side of the tunnel is:

    My counterpart at the other side of the tunnel email me saying Iam trying to connect to his network using and he have configured is firewalls to let me in using

    I insist this tunnel was working perfectly until upgrade to 2.2.6

    There is any chance that this could be a bug in the new version?

    Thanks for your time,



    We have modified both sides of the tunnel to match instead of in NAT/BINAT under Local Network in Phase 2 Config.

    With this modification the tunnel is up and running perfectly.

    Pherpaps PFSENSE is using IP as the first valid IP address to subnet in the new version 2.2.6?


  • What version did you upgrade from? That code hasn't changed in quite some time other than fixing a couple edge cases that didn't work at all previously. Do you have any outbound NAT rules on the IPsec interface? Firewall>NAT, Outbound tab.

  • Thanks for your reply.

    We upgrade from version 2.2.3 -> 2.2.6

    Not at all. There is any rule in Firewall->Nat, Outbound tab for IPSEC Interface.

    As I said in the original post. This configuration was working perfectly BEFORE the upgrade. After that my counterpart at the other side of the tunnel start complain that I wasn't use the right IP Address to access his network.

    The problem was solved changing the Local Network config at phase 2, changing the subnet /29 just to a single IP address. We have to do it at both sides of the tunnel, ofcourse.

    The firewall at the other side of the tunnel is a Fortinet, and we had a hard time making the tunnel work in the past (with PFSense 2.2.3), but when it start to work it was rock solid.

    Looking at:

    2.2.3 - release notes
    2.2.6 - release notes

    I notice that StrongSwan upgrade from version 5.3.2 in PFSense 2.2.3 to version 5.3.5 in PFSense 2.2.6. Pheraps there is some change there.