Bug #5500

closed

IPsec won't create firewall rules when you use an IP Alias on "Interface"

Added by Heiler Bemerguy almost 6 years ago. Updated over 5 years ago.

Status: Resolved
Priority: Normal
Category: IPsec
Target version:
Start date: 11/20/2015
Due date:
% Done: 100%
Estimated time:
Plus Target Version:
Release Notes:
Affected Version: All
Affected Architecture:

Description

Set interface to an IP Alias:
[2.2.5-RELEASE]/root: pfctl -sr |grep -i ipsec
anchor "ipsec/*" all
pass out on enc0 all flags S/SA keep state label "IPsec internal host to host"

Set interface to an interface "name" (like WAN, LAN):
[2.2.5-RELEASE]/root: pfctl -sr | grep -i ipsec
anchor "ipsec/*" all
pass out on enc0 all flags S/SA keep state label "IPsec internal host to host"
pass out route-to (vmx2 201.72.x.x) inet proto udp from (self) to 170.66.x.x port = isakmp keep state label "IPsec: Acesso BB - outbound isakmp"
pass in on vmx2 reply-to (vmx2 201.72.x.x) inet proto udp from 170.66.x.x to (self) port = isakmp keep state label "IPsec: Acesso BB - inbound isakmp"
pass out route-to (vmx2 201.72.x.x) inet proto udp from (self) to 170.66.x.x port = sae-urn keep state label "IPsec: Acesso BB - outbound nat-t"
pass in on vmx2 reply-to (vmx2 201.72.x.x) inet proto udp from 170.66.x.x to (self) port = sae-urn keep state label "IPsec: Acesso BB - inbound nat-t"
pass out route-to (vmx2 201.72.x.x) inet proto esp from (self) to 170.66.x.x keep state label "IPsec: Acesso BB - outbound esp proto"
pass in on vmx2 reply-to (vmx2 201.72.x.x) inet proto esp from 170.66.x.x to (self) keep state label "IPsec: Acesso BB - inbound esp proto"
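
As an added example (not part of the original report and not pfSense code), the check below reads `pfctl -sr` output and lists which of the six per-tunnel rules from the second listing are absent for a given tunnel description. The function names are hypothetical, and the label format `IPsec: <descr> - <kind>` is assumed from the output quoted above.

```shell
#!/bin/sh
# Added example, not pfSense code. Label format "IPsec: <descr> - <kind>" is
# taken from the listings in this report; function names are hypothetical.

# Usage on the firewall: pfctl -sr | ipsec_rule_gaps "Acesso BB"
# Prints each missing rule kind; exit status is 1 if any are missing.
ipsec_rule_gaps() {
    DESCR="$1" awk '
    BEGIN {
        k = "outbound isakmp,inbound isakmp,outbound nat-t,inbound nat-t,"
        k = k "outbound esp proto,inbound esp proto"
        n = split(k, kinds, ",")
    }
    $1 == "pass" {
        # Literal substring match on the rule label, so the description
        # is never interpreted as a regular expression.
        for (i = 1; i <= n; i++)
            if (index($0, "label \"IPsec: " ENVIRON["DESCR"] " - " kinds[i] "\""))
                seen[i] = 1
    }
    END {
        for (i = 1; i <= n; i++)
            if (!(i in seen)) { print kinds[i]; missing = 1 }
        exit missing + 0
    }'
}

# Constructed samples that reuse the two listings from the report.
sample_alias() { cat <<'EOF'
anchor "ipsec/*" all
pass out on enc0 all flags S/SA keep state label "IPsec internal host to host"
EOF
}

sample_named() { cat <<'EOF'
anchor "ipsec/*" all
pass out on enc0 all flags S/SA keep state label "IPsec internal host to host"
pass out route-to (vmx2 201.72.x.x) inet proto udp from (self) to 170.66.x.x port = isakmp keep state label "IPsec: Acesso BB - outbound isakmp"
pass in on vmx2 reply-to (vmx2 201.72.x.x) inet proto udp from 170.66.x.x to (self) port = isakmp keep state label "IPsec: Acesso BB - inbound isakmp"
pass out route-to (vmx2 201.72.x.x) inet proto udp from (self) to 170.66.x.x port = sae-urn keep state label "IPsec: Acesso BB - outbound nat-t"
pass in on vmx2 reply-to (vmx2 201.72.x.x) inet proto udp from 170.66.x.x to (self) port = sae-urn keep state label "IPsec: Acesso BB - inbound nat-t"
pass out route-to (vmx2 201.72.x.x) inet proto esp from (self) to 170.66.x.x keep state label "IPsec: Acesso BB - outbound esp proto"
pass in on vmx2 reply-to (vmx2 201.72.x.x) inet proto esp from 170.66.x.x to (self) keep state label "IPsec: Acesso BB - inbound esp proto"
EOF
}
```

Run against the IP Alias listing, it reports all six rule kinds as missing; run against the named-interface listing, it prints nothing and exits 0.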

Actions #1

Updated by Chris Buechler almost 6 years ago

  • Project changed from pfSense Packages to pfSense
  • Category set to IPsec
Actions #2

Updated by Jim Thompson almost 6 years ago

  • Assignee set to Chris Buechler

Assigned to cmb for confirmation.

Actions #3

Updated by Chris Buechler over 5 years ago

  • Status changed from New to Feedback
  • Affected Version changed from 2.2.x to All

Should be fixed, leaving for additional confirmation.

Actions #4

Updated by Chris Buechler over 5 years ago

  • Status changed from Feedback to Resolved

works

Actions #5

Updated by Jim Thompson over 5 years ago

  • Status changed from Resolved to Assigned
  • Assignee changed from Chris Buechler to Luiz Souza

Reopened, assigned to Luiz. Apparently there is a better fix.

Actions #6

Updated by Luiz Souza over 5 years ago

  • Status changed from Assigned to Resolved
  • % Done changed from 0 to 100

This is now fixed and tested with CARP and IP Aliases.

Actions #7

Updated by Chris Buechler over 5 years ago

  • Status changed from Resolved to Feedback
  • Assignee changed from Luiz Souza to Chris Buechler

to me to confirm

Actions #8

Updated by Chris Buechler over 5 years ago

  • Status changed from Feedback to Resolved

still correct for IP aliases and CARP
