Bug #5500
closed
IPsec won't create firewall rules when you use an IP Alias on "Interface"
100%
Description
Set interface to an IP Alias:
[2.2.5-RELEASE]/root: pfctl -sr |grep -i ipsec
anchor "ipsec/*" all
pass out on enc0 all flags S/SA keep state label "IPsec internal host to host"
Set interface to an interface "name" (like WAN, LAN):
[2.2.5-RELEASE]/root: pfctl -sr | grep -i ipsec
anchor "ipsec/*" all
pass out on enc0 all flags S/SA keep state label "IPsec internal host to host"
pass out route-to (vmx2 201.72.x.x) inet proto udp from (self) to 170.66.x.x port = isakmp keep state label "IPsec: Acesso BB - outbound isakmp"
pass in on vmx2 reply-to (vmx2 201.72.x.x) inet proto udp from 170.66.x.x to (self) port = isakmp keep state label "IPsec: Acesso BB - inbound isakmp"
pass out route-to (vmx2 201.72.x.x) inet proto udp from (self) to 170.66.x.x port = sae-urn keep state label "IPsec: Acesso BB - outbound nat-t"
pass in on vmx2 reply-to (vmx2 201.72.x.x) inet proto udp from 170.66.x.x to (self) port = sae-urn keep state label "IPsec: Acesso BB - inbound nat-t"
pass out route-to (vmx2 201.72.x.x) inet proto esp from (self) to 170.66.x.x keep state label "IPsec: Acesso BB - outbound esp proto"
pass in on vmx2 reply-to (vmx2 201.72.x.x) inet proto esp from 170.66.x.x to (self) keep state label "IPsec: Acesso BB - inbound esp proto"
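A defensive check for the symptom reported above, added here as an example (it is not part of the original report or of pfSense): it scans `pfctl -sr` output for the six automatic pass rules whose label suffixes appear in the second listing. The function name `ipsec_rule_gaps`, the tunnel description "Example tunnel" and the documentation addresses are assumptions made for the example.

```sh
# Label suffixes of the six automatic IPsec pass rules quoted in this report.
SUFFIXES='outbound isakmp|inbound isakmp|outbound nat-t|inbound nat-t|outbound esp proto|inbound esp proto'

# ipsec_rule_gaps DESC: read `pfctl -sr` output on stdin, print the label suffix of
# each expected rule missing for tunnel DESC. Returns 0 if none are missing, else 1.
ipsec_rule_gaps() {
    desc=$1; rules=$(cat); status=0
    old_ifs=$IFS; IFS='|'
    for suffix in $SUFFIXES; do
        # Fixed-string match, so regex characters in DESC are harmless.
        if ! printf '%s\n' "$rules" | grep -Fq -e "label \"IPsec: $desc - $suffix\""; then
            printf '%s\n' "$suffix"; status=1
        fi
    done
    IFS=$old_ifs
    return $status
}

# Constructed sample: ruleset shape reported with an IP Alias as the interface.
sample_alias() {
    cat <<'EOF'
anchor "ipsec/*" all
pass out on enc0 all flags S/SA keep state label "IPsec internal host to host"
EOF
}

# Constructed sample: shape reported with a named interface (documentation
# addresses and the tunnel description "Example tunnel" are placeholders).
sample_named() {
    cat <<'EOF'
anchor "ipsec/*" all
pass out on enc0 all flags S/SA keep state label "IPsec internal host to host"
pass out route-to (vmx2 192.0.2.1) inet proto udp from (self) to 198.51.100.7 port = isakmp keep state label "IPsec: Example tunnel - outbound isakmp"
pass in on vmx2 reply-to (vmx2 192.0.2.1) inet proto udp from 198.51.100.7 to (self) port = isakmp keep state label "IPsec: Example tunnel - inbound isakmp"
pass out route-to (vmx2 192.0.2.1) inet proto udp from (self) to 198.51.100.7 port = sae-urn keep state label "IPsec: Example tunnel - outbound nat-t"
pass in on vmx2 reply-to (vmx2 192.0.2.1) inet proto udp from 198.51.100.7 to (self) port = sae-urn keep state label "IPsec: Example tunnel - inbound nat-t"
pass out route-to (vmx2 192.0.2.1) inet proto esp from (self) to 198.51.100.7 keep state label "IPsec: Example tunnel - outbound esp proto"
pass in on vmx2 reply-to (vmx2 192.0.2.1) inet proto esp from 198.51.100.7 to (self) keep state label "IPsec: Example tunnel - inbound esp proto"
EOF
}

# Demo on the constructed samples; on a firewall: pfctl -sr | ipsec_rule_gaps "DESC"
for s in sample_alias sample_named; do
    if gaps=$("$s" | ipsec_rule_gaps "Example tunnel"); then
        echo "$s: all six IPsec pass rules present"
    else
        echo "$s: missing: $(printf '%s' "$gaps" | tr '\n' ',')"
    fi
done
```

DESC is the phase 1 description that appears in the rule labels ("Acesso BB" in the listing above).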
Updated by Chris Buechler about 9 years ago
- Project changed from pfSense Packages to pfSense
- Category set to IPsec
Updated by Jim Thompson about 9 years ago
- Assignee set to Chris Buechler
Assigned to cmb for confirmation.
Updated by Chris Buechler almost 9 years ago
- Status changed from New to Feedback
- Affected Version changed from 2.2.x to All
Should be fixed, leaving for additional confirmation.
Updated by Jim Thompson almost 9 years ago
- Status changed from Resolved to Assigned
- Assignee changed from Chris Buechler to Luiz Souza
Reopened, assigned to Luiz. Apparently there is a better fix.
Updated by Luiz Souza almost 9 years ago
- Status changed from Assigned to Resolved
- % Done changed from 0 to 100
This is now fixed and tested with CARP and IP Aliases.
Updated by Chris Buechler almost 9 years ago
- Status changed from Resolved to Feedback
- Assignee changed from Luiz Souza to Chris Buechler
To me to confirm.
Updated by Chris Buechler almost 9 years ago
- Status changed from Feedback to Resolved
Still correct for IP aliases and CARP.