Bug #4849

ipsec: keepalive not working; wrong source ip used

Added by Nicki Messerschmidt almost 4 years ago. Updated almost 4 years ago.

Status: Not a Bug
Priority: Normal
Assignee: -
Category: -
Target version: -
Start date: 07/16/2015
Due date:
% Done: 0%
Estimated time:
Affected Version:
Affected Architecture: amd64

Description

While debugging ipsec tunnels between two pfsenses I noticed that using ping on the command line does not work out of the box.
While pinging from a lan host to a remote host works flawlessly, pinging the same host from the pfsense cli does not.
When supplying a correct source address (ping -S $lanAdress $remoteHost) it works without problems.

Now I have some ipsec tunnels timing out, even though an ip is supplied under "advance options -> Automatically ping host". I suspect that the pfsense cannot reach the remote net due to the same problem.

A dropdown would be needed where the source ip can be selected when pinging the remote host. Otherwise the packets will come from localhost and will never be routed into the tunnel.

History

#1 Updated by Chris Buechler almost 4 years ago

  • Status changed from New to Not a Bug
  • Target version deleted (2.2.4)
  • Affected Version deleted (2.2.3)

As I replied back on your forum thread last month, that's not true. Source IP selection is handled automatically, and correctly.

# ping_hosts.sh 
CARP interface is MASTER or non CARP (pinging ipsec hosts)
PROCESSING 192.168.226.1|192.168.224.1|3|||||inet|
Processing 192.168.224.1
PING 192.168.224.1 (192.168.224.1) from 192.168.226.1: 56 data bytes
64 bytes from 192.168.224.1: icmp_seq=1 ttl=64 time=0.527 ms
64 bytes from 192.168.224.1: icmp_seq=2 ttl=64 time=0.542 ms

Please follow up on your thread on the forum with answers to my questions to further troubleshoot. At least I'm assuming this is your thread from the same description. https://forum.pfsense.org/index.php?topic=95573.0
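
The behaviour discussed in this ticket, modelled as an added example (not pfSense code and not written by either participant): a ping with no bound source takes the address of the route's outgoing interface, and only a source/destination pair inside a phase 2 selector enters the tunnel. The /24 masks, the WAN address and all function names are assumptions; the LAN and remote addresses and the record line are taken from the output above.

```python
import ipaddress as ip

# Constructed sample data: LAN/remote addresses come from the ticket output;
# the /24 masks and the WAN address (TEST-NET-2) are assumptions.
INTERFACES = {"wan": ip.ip_interface("198.51.100.10/24"),
              "lan": ip.ip_interface("192.168.226.1/24")}
ROUTES = [(ip.ip_network("0.0.0.0/0"), "wan"),
          (ip.ip_network("198.51.100.0/24"), "wan"),
          (ip.ip_network("192.168.226.0/24"), "lan")]
# Phase 2 traffic selectors as (local network, remote network) pairs.
SPD = [(ip.ip_network("192.168.226.0/24"), ip.ip_network("192.168.224.0/24"))]

def default_source(dst):
    """Source the stack picks when none is bound: the address of the
    interface chosen by the longest-prefix route to dst."""
    dst = ip.ip_address(dst)
    _, ifname = max((r for r in ROUTES if dst in r[0]),
                    key=lambda r: r[0].prefixlen)
    return INTERFACES[ifname].ip

def enters_tunnel(src, dst):
    """True if (src, dst) matches a phase 2 selector and would be encrypted."""
    src, dst = ip.ip_address(src), ip.ip_address(dst)
    return any(src in local and dst in remote for local, remote in SPD)

def keepalive_record(line):
    """Read source and destination from a ping_hosts.sh record line.
    Only the first two '|'-separated fields are interpreted here."""
    src, dst = line.split("|")[:2]
    return src, dst

if __name__ == "__main__":
    remote = "192.168.224.1"
    auto = default_source(remote)
    print(f"plain ping: src={auto} tunnel={enters_tunnel(auto, remote)}")
    print(f"ping -S:    src=192.168.226.1 "
          f"tunnel={enters_tunnel('192.168.226.1', remote)}")
    src, dst = keepalive_record("192.168.226.1|192.168.224.1|3|||||inet|")
    print(f"keepalive:  src={src} tunnel={enters_tunnel(src, dst)}")
```
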
