Bug #11181
pfSense throws IPsec phase 1 duplicate IP validation error incorrectly
Status: Duplicate
Priority: Normal
Assignee: -
Category: IPsec
Target version: -
Start date: 12/21/2020
Due date:
% Done: 0%
Estimated time:
Plus Target Version:
Release Notes:
Affected Version:
Affected Architecture:
Description
In a multi-WAN environment, pfSense should allow the use of two Phase 1s that have different origin IPs but the same destination IP. For example:
    Site A:   WAN (ISP-A)  and  WAN2 (ISP-B)
                 |               /
                 |              /
    IPsec P1     |             /   IPsec P1
    Primary Link |            /    Secondary Link
                 |           /
    Site B:   WAN (ISP-C)
However, pfSense throws the error, "The following input errors were detected: The remote gateway "x.x.x.x" is already used by phase1 ""."
This is problematic because we would like to take advantage of the IPsec Phase 2 Virtual Tunnel Interface (VTI) feature with policy routing to route traffic over the primary link. If the primary link fails, the policy routing would transmit over the secondary link.
Updated by Kristopher Kolpin almost 4 years ago
To pfSense Redmine Admin: Please sanitize the IP address in the initial description of this ticket.
Thanks in advance.
Updated by Jim Pingle almost 4 years ago
- Description updated (diff)
- Status changed from New to Duplicate
This is already done in the next version. See #10214