Bug #13359

closed

bug found: ipsec vpn ipv4 and web management (trusted hosts) do not work together

Added by Alex Zaykov over 2 years ago. Updated over 2 years ago.

Status: Not a Bug
Priority: Normal
Assignee: -
Category: IPsec
Target version: -
Start date:
Due date:
% Done: 0%
Estimated time:
Plus Target Version:
Release Notes: Default
Affected Version:
Affected Architecture:

Description

Hi

the bug has been noticed on the latest pfsense+ 22.05, I have an ipsec tunnel between 2 routers: using ipv4 addresses as tunnel end point ips

my pfsense is in the cloud and installed on the remote VPS, I can access it via public ip (accessed via trusted IPs that have been added in the fw rules on pfsense) the other end is my home and I am connecting from home.

I noticed that every time when I access it (pfsense) the IP I am coming from is always ipv6, being curious I disabled ipv6 stack from my network card and could not log in at all via ipv4.

Opened it from the other pc via ipv6, did packet capture: when I try to connect from my pc (same IP v4 as the remote tunnel end from the pfsense perspective) I see 0 attempts in the logs:

These are the only logs I was able to see, there is no port 443 https logs at all, just port 500 for ipsec

19:09:12.395810 IP 109.107.xxx.xxx.500 (this is the pfsense side) > 121.99.xxx.xxx.500: UDP, length 80 (this is me from home pc)
19:09:12.702034 IP 121.99.xxx.xxx.500 > 109.107.xxx.xxx.500: UDP, length 80

======================================================

disabled ipsec tunnel on the pfsense, was immediately able to connect from pc on ipv4 to the remote pfsense, then reenabled ipsec and immediately lost ipv4 management of Pfsense

19:10:35.879707 IP 121.99.xxx.xxx.58635 > 109.107.xxx.xxx.443: tcp 0
19:10:35.879853 IP 109.107.xxx.xxx.443 > 121.99.xxx.xxx.58635: tcp 0

https://forum.netgate.com/topic/173480/bug-found-ipsec-vpn-ipv4-and-web-management-do-not-work-together?_=1657971319399

can that be replicated?
thank you

Actions #1

Updated by Marcos M over 2 years ago

  • Status changed from New to Not a Bug

This is almost certainly a configuration issue, either on pfSense itself or the hosting platform. Please continue the discussion in community forums.
