Bug #3312

Gateway on IPsec rules is not functional in pf

Added by Jim Pingle almost 6 years ago. Updated about 5 years ago.

Status: New
Priority: Normal
Assignee: -
Category: IPsec
Target version: -
Start date: 11/11/2013
Due date:
% Done: 0%
Estimated time:
Affected Version: 2.1
Affected Architecture:
Description

When selecting a gateway on an IPsec tab rule, the GUI looks correct, the generated pf rule looks correct in /tmp/rules.debug, and even looks correct in "pfctl -sr" output; however, the traffic does not actually respect the gateway. It only exits via the default route no matter what has been chosen.

If you configure a rule to force the traffic out WAN2 it still exits via WAN if WAN is default. If a load balancing group is selected the traffic ignores WAN2.

Traffic on non-IPsec interfaces appears to function normally at the time.

History

#1 Updated by Chris Buechler over 5 years ago

  • Target version deleted (2.1.1)

Has this ever worked? Offhand I can't recall seeing anyone doing that.

#2 Updated by Jos Andel over 5 years ago

Chris Buechler wrote:

> Has this ever worked? Offhand I can't recall seeing anyone doing that.

Yes, this worked fine in 1.2.3 and 2.0.1. We have done this for many years to route traffic from remote locations to our core-router. Traffic to internet from our 400+ remote locations has to go through the core to be handled on another internet-gateway on another line than the VPN-box is on.

Recently I upgraded to 2.1.3 and found out it stopped working. See Issue #3653 for detailed information I provided.

#3 Updated by Frédéric Pougnault about 5 years ago

Hello,

I installed 2.1.5 and when I put a gateway on IPsec rules, traffic goes to the default.
Is it a bug?
