Bug #2688
closed
Dynamic DNS IPsec endpoints not allowed through firewall rules
Start date: 11/19/2012
Due date:
% Done: 0%
Estimated time:
Plus Target Version:
Release Notes:
Affected Version: 2.1
Affected Architecture:
Description
Previously in 2.1 there were rules in rules.debug for allowing IPsec traffic from dyndns hostname IPsec endpoints.
Moving from a July to a November snapshot broke this functionality. Because IPsec is not allowed through the firewall, the tunnels will obviously not come up anymore.
The workaround is creating 2 manual rules on the WAN interface to allow ESP and UDP 500 from anywhere to the CARP VIP hosting the IPsec service. Since adding these as 300 separate rules or an alias is insane, everything we need is already in the IPsec config