Bug #11181
pfSense throws IPsec phase 1 duplicate IP validation error incorrectly
Status: Duplicate
Priority: Normal
Assignee: -
Category: IPsec
Target version: -
Start date: 12/21/2020
Due date:
% Done: 0%
Estimated time:
Plus Target Version:
Release Notes:
Affected Version:
Affected Architecture:
Description
In a multi-WAN environment, pfSense should allow the use of two Phase 1s that have different origin IPs but the same destination IP. For example:
Site A:  WAN (ISP-A)   and   WAN2 (ISP-B)
              |               /
              |              /
    IPsec P1  |             /  IPsec P1
Primary Link  |            /   Secondary Link
              |           /
Site B:  WAN (ISP-C)
However, pfSense throws the error, "The following input errors were detected: The remote gateway "x.x.x.x" is already used by phase1 ""."
This is problematic because we would like to take advantage of the IPsec Phase 2 Virtual Tunnel Interface (VTI) feature with policy routing to route traffic over the primary link. If the primary link fails, the policy routing would transmit over the secondary link.