Bug #3312
open
Gateway on IPsec rules is not functional in pf
0%
Description
When selecting a gateway on an IPsec tab rule, the GUI looks correct, the generated pf rule looks correct in /tmp/rules.debug, and even looks correct in "pfctl -sr" output, however the traffic does not actually respect the gateway. It only exits via the default route no matter what has been chosen.
If you configure a rule to force the traffic out WAN2 it still exits via WAN if WAN is default. If a load balancing group is selected the traffic ignores WAN2.
Traffic on non-IPsec interfaces appears to function normally at the time.
Updated by Chris Buechler almost 11 years ago
- Target version deleted (
2.1.1)
has this ever worked? Offhand I can't recall seeing anyone doing that.
Updated by Jos Andel over 10 years ago
Chris Buechler wrote:
has this ever worked? Offhand I can't recall seeing anyone doing that.
Yes, this worked fine in 1.2.3 and 2.0.1. We have done this for many years to route traffic from remote locations to our core-router. Traffic to internet from our 400+ remote locations has to go through the core to be handled on another internet-gateway on another line than the VPN-box is on.
Recently I upgraded to 2.1.3 and found out it stopped working. See Issue #3653 for detailed information I provided.
Updated by Frédéric Pougnault about 10 years ago
hello,
I installed 2.1.5 and when I put a getaway on ipsec rules, traffic goes to the default.
Is it a bug?
Updated by Chunlin Yao almost 5 years ago
I blocked by this problem.Using pfsense 2.4.4
Are there any workaround?
I don't known why it is working now.