Bug #11181

closed

pfSense throws IPsec phase 1 duplicate IP validation error incorrectly

Added by Kristopher Kolpin almost 4 years ago. Updated almost 4 years ago.

Status: Duplicate
Priority: Normal
Assignee: -
Category: IPsec
Target version: -
Start date: 12/21/2020
Due date:
% Done: 0%

Estimated time:
Plus Target Version:
Release Notes:
Affected Version:
Affected Architecture:

Description

In a multi-WAN environment, pfSense should allow the use of two Phase 1s that have different origin IPs but the same destination IP. For example:

Site A:   WAN (ISP-A)        WAN2 (ISP-B)
            |                  /
            |                 /
         IPsec P1         IPsec P1
       Primary Link    Secondary Link
            |               /
            |              /
Site B:   WAN (ISP-C)

However, pfSense throws the error, "The following input errors were detected: The remote gateway "x.x.x.x" is already used by phase1 ""."

This is problematic because we would like to take advantage of the IPsec Phase 2 Virtual Tunnel Interface (VTI) feature with policy routing to route traffic over the primary link. If the primary link fails, the policy routing would transmit over the secondary link.
