ipsec: keepalive not working; wrong source ip used
While debugging ipsec tunnels between two pfsenses I noticed that using ping on the command line does not work out of the box.
While pinging from a lan host to a remote host works flawlessly, pinging the same host from the pfsense cli does not.
When supplying a correct source adress (ping -S $lanAdress $remoteHost) it works without problems.
Now I have some ipsec tunnels timing out, even so even though an ip is supplied under "advance options -> Automatically ping host". I suspect that the pfsense cannot reach the remote net due to the same problem.
A dropdown would be needed where the source ip can be selected when pinging the remote host. Otherwise the packets will come from localhost and will never be routed into the tunnel.
#1 Updated by Chris Buechler about 4 years ago
- Status changed from New to Not a Bug
- Target version deleted (
- Affected Version deleted (
As I replied back on your forum thread last month, that's not true. Source IP selection is handled automatically, and correctly.
# ping_hosts.sh CARP interface is MASTER or non CARP (pinging ipsec hosts) PROCESSING 192.168.226.1|192.168.224.1|3|||||inet| Processing 192.168.224.1 PING 192.168.224.1 (192.168.224.1) from 192.168.226.1: 56 data bytes 64 bytes from 192.168.224.1: icmp_seq=1 ttl=64 time=0.527 ms 64 bytes from 192.168.224.1: icmp_seq=2 ttl=64 time=0.542 ms
Please follow up on your thread on the forum with answers to my questions to further troubleshoot. At least I'm assuming this is your thread from the same description. https://forum.pfsense.org/index.php?topic=95573.0