Hi All,
Over the last few weeks there has been a lot of discussion about IPSEC in pf2.2 and 2.2.1.

The config is as follows on both sites:

IPSEC setup:

Phase 1:
  IKE V2
  Mutual PSK
  Encryption: AES 128
  HA: SHA1
  DH Key group: 2 (1024bit)
  NAT T: auto
  DPD enabled

Phase 2:
  Protocol: ESP
  Encryption: AES 128
  HA: SHA1
  PFS key group: 2 (1024bit)

Firewall rules on IPSEC:
  Any any any allow

Now the problem:

After updating from 2.1.5 to 2.2, and even after updating to 2.2.1, on i386 and AMD64 platforms in a mix of NanoBSD and full installs, traffic from site A to site B initiates the IPSEC tunnel from site A to site B, but no traffic returns.

When I set up a keep-alive ping in phase 2 on both sites, the connection stays up and the connection is stable. This config makes it usable but is not the desired config. The tunnel should be initiated when it's needed, to save resources on the firewall hardware.

We changed from Cisco to PF for many reasons, but these problems make me wonder if I made the right decision.

Kind regards,

J.P. de Waal (Jochem)
Hardware and Support Department
Robbertsmatenstraat 14
8081 HL Elburg
Tel.: +31 (0)525 690 630 (option 4)
Fax: +31 (0)525 690 250
Mobile: +31 (0)657 310 348
email: [email protected]
internet: www.caresoft.nl
_______________________________________________
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold
