Re: [pfSense] Interesting Road Warrior IPsec Behavior with BBZ10

2014-06-17 Thread Wade Blackwell 
Ryan good morning,
   Tweaked yes, I haven't recreated it from scratch no. I'll do that
and see if it's repeatable. I'm currently dealing with racoon stealing all
available CPU and not negotiating any phase1/2 connections (site to site).
The interesting this is when doing packet captures on the ipsec interface
and internal interfaces I don't see any traffic engressing. I have a permit
any any rule for IPsec traffic and am accepting ESP and isakmp on both wan
interfaces. Thanks for the reply Ryan, I hope you enjoyed your vacation ;-)

-W

Wade Blackwell
Solutions Architect
(D) 805.457.8825
(C) 805.400.8485
(S) coc.wadeblackwell


On Mon, Jun 16, 2014 at 7:33 PM, Ryan Coleman  wrote:

> Since no one has responded to you and I was on vacation when you sent the
> first message I will ask the obvious:
> Have you removed the configuration, recreated and seen it continue?
>
> On Jun 16, 2014, at 12:00, Wade Blackwell  wrote:
>
> Anyone?
>
> -W
>
> Wade Blackwell
> Solutions Architect
> (D) 805.457.8825
> (C) 805.400.8485
> (S) coc.wadeblackwell
>
>
> On Sun, May 25, 2014 at 11:21 AM, Wade Blackwell  wrote:
>
>> Good morning all,
>>I'm running 2.1.2-RELEASE (i386)nanobsd 4g (Netgate) and the Z10
>> is running 10.2.1.2228. I used the following link
>> . it appeared to
>> work fabulously until I attempted to pass traffic which I could not.
>> Advanced outbound nat is being used and the road warrior IPsec subnet is
>> included for both Wan interfaces (dual wan setup and working. Another very
>> strange side effect is the Z10 is spawning many IPsec sessions, current
>> count is 212;
>>
>>
>>
>> . Has anyone seen this behavior? I don't see a route to the Road Warrior
>> subnet or client IP when the phone is connected (172.31.2./24 is the
>> subnet allocated). Any feedback would be great, thanks so much!
>>
>>   -W
>>
>> Wade Blackwell
>> Solutions Architect
>> (D) 805.457.8825
>> (C) 805.400.8485
>> (S) coc.wadeblackwell
>>
>
> ___
> List mailing list
> List@lists.pfsense.org
> https://lists.pfsense.org/mailman/listinfo/list
>
>
>
___
List mailing list
List@lists.pfsense.org
https://lists.pfsense.org/mailman/listinfo/list

Re: [pfSense] Interesting Road Warrior IPsec Behavior with BBZ10

2014-06-16 Thread Ryan Coleman 
Since no one has responded to you and I was on vacation when you sent the first 
message I will ask the obvious:
Have you removed the configuration, recreated and seen it continue?

On Jun 16, 2014, at 12:00, Wade Blackwell  wrote:

> Anyone?
> 
> -W
> 
> Wade Blackwell
> Solutions Architect
> (D) 805.457.8825
> (C) 805.400.8485
> (S) coc.wadeblackwell
> 
> 
> On Sun, May 25, 2014 at 11:21 AM, Wade Blackwell  wrote:
> Good morning all,
>I'm running 2.1.2-RELEASE (i386)nanobsd 4g (Netgate) and the Z10 is 
> running 10.2.1.2228. I used the following link. it appeared to work 
> fabulously until I attempted to pass traffic which I could not. Advanced 
> outbound nat is being used and the road warrior IPsec subnet is included for 
> both Wan interfaces (dual wan setup and working. Another very strange side 
> effect is the Z10 is spawning many IPsec sessions, current count is 212;
> 
> 
> 
> . Has anyone seen this behavior? I don't see a route to the Road Warrior 
> subnet or client IP when the phone is connected (172.31.2./24 is the subnet 
> allocated). Any feedback would be great, thanks so much!
> 
>   -W
> 
> Wade Blackwell
> Solutions Architect
> (D) 805.457.8825
> (C) 805.400.8485
> (S) coc.wadeblackwell
> 
> ___
> List mailing list
> List@lists.pfsense.org
> https://lists.pfsense.org/mailman/listinfo/list

___
List mailing list
List@lists.pfsense.org
https://lists.pfsense.org/mailman/listinfo/list

Re: [pfSense] Interesting Road Warrior IPsec Behavior with BBZ10

2014-06-16 Thread Wade Blackwell 
Anyone?

-W

Wade Blackwell
Solutions Architect
(D) 805.457.8825
(C) 805.400.8485
(S) coc.wadeblackwell


On Sun, May 25, 2014 at 11:21 AM, Wade Blackwell  wrote:

> Good morning all,
>I'm running 2.1.2-RELEASE (i386)nanobsd 4g (Netgate) and the Z10 is
> running 10.2.1.2228. I used the following link
> . it appeared to
> work fabulously until I attempted to pass traffic which I could not.
> Advanced outbound nat is being used and the road warrior IPsec subnet is
> included for both Wan interfaces (dual wan setup and working. Another very
> strange side effect is the Z10 is spawning many IPsec sessions, current
> count is 212;
>
>
>
> . Has anyone seen this behavior? I don't see a route to the Road Warrior
> subnet or client IP when the phone is connected (172.31.2./24 is the
> subnet allocated). Any feedback would be great, thanks so much!
>
>   -W
>
> Wade Blackwell
> Solutions Architect
> (D) 805.457.8825
> (C) 805.400.8485
> (S) coc.wadeblackwell
>
___
List mailing list
List@lists.pfsense.org
https://lists.pfsense.org/mailman/listinfo/list

[pfSense] Interesting Road Warrior IPsec Behavior with BBZ10

2014-05-25 Thread Wade Blackwell 
Good morning all,
   I'm running 2.1.2-RELEASE (i386)nanobsd 4g (Netgate) and the Z10 is
running 10.2.1.2228. I used the following
link.
it appeared to work fabulously until I attempted to pass traffic which I
could not. Advanced outbound nat is being used and the road warrior IPsec
subnet is included for both Wan interfaces (dual wan setup and working.
Another very strange side effect is the Z10 is spawning many IPsec
sessions, current count is 212;



. Has anyone seen this behavior? I don't see a route to the Road Warrior
subnet or client IP when the phone is connected (172.31.2./24 is the subnet
allocated). Any feedback would be great, thanks so much!

  -W

Wade Blackwell
Solutions Architect
(D) 805.457.8825
(C) 805.400.8485
(S) coc.wadeblackwell
___
List mailing list
List@lists.pfsense.org
https://lists.pfsense.org/mailman/listinfo/list