Re: [pfSense] 2.2.6 - Lost LAN conection when IPSEC tunnel is conected only first time booting

2016-03-30 Thread Nicolas Fabris
No very nice solution, but making a script.sh in /usr/local/etc/rc.d with lines:

sleep 40
ipsec stop
sleep 5
ipsec start

All goes OK.

For some reason, traffic FROM LAN to LAN IP of pfSense try to go via IPSEC 
TUNNEL (10.0.0.0/8) first time after rebooting Strange.


Lic. Nicolas A. Fabris
Seguridad Informática
Gcia. De Procesos y Sistemas
O.S.P.R.E.R.A.
OO4312-2500 Int. 3119
nicolas.fab...@osprera.org.ar

-Mensaje original-
De: List [mailto:list-boun...@lists.pfsense.org] En nombre de Marcio Vogel 
Merlone dos Santos
Enviado el: martes, 29 de marzo de 2016 03:12 p.m.
Para: list@lists.pfsense.org
Asunto: Re: [pfSense] 2.2.6 - Lost LAN conection when IPSEC tunnel is conected 
only first time booting

Em 23-03-2016 11:03, Marcio Vogel Merlone dos Santos escreveu:
> Em 15-03-2016 11:14, Nicolas Fabris escreveu:
>> I have an strange issue.
>>
>> Details:
>> LAN IP pfSense: 10.133.30.1
>>
>> TUNNEL IPSEC: Phase 2
>> Local Network LAN Subnet
>> Remote Network 10.0.0.0/8
>>
>> Advanced setting Enable bypasslan for LAN checked.
>>
>> When IPSEC tunnel is on, I lost ping from LAN to LAN IP 
>> (10.133.30.1), something like traffic going to 10.x.x.x. is tryning 
>> to go by IPSEC TUNNEL I think, and not working OK the 
>> bypass for LAN option.
>> If I restart ipsec services, have no more problems, but have to do 
>> this manually every time after reboot.
> Bizarre, as is my situation.
>
> I have a remote site connected by a ipsec tunnel to my main office, 
> both using pfSense 2.2.6. Whenever the tunnel disconects for whatever 
> reason, after some seconds all local stations on remote site are also 
> disconnected (Windows reports network cable unpluged, "X" mark on 
> network icon near the clock!) for some seconds and then reconnects 
> happily as if nothing happened.
>
> Just observed that yesterday after many user complains and am starting 
> to scratch my head now.
>
> This looks very similar to your problem, I don't have a solution yet.

For the record and my shame, I have an IP Phone between that specific station 
and the network. When VPN goes down the phone looses connection with the office 
and then... reboots, causing the disconnection of the station.

Check if your case has any similarity.

Best regards and good luck.

--
*Marcio Merlone*
___
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold
___
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold


[pfSense] 2.2.6 - Lost LAN conection when IPSEC tunnel is conected only first time booting

2016-03-15 Thread Nicolas Fabris
Good morning everyone.

I have an strange issue.

Details:
LAN IP pfSense: 10.133.30.1

TUNNEL IPSEC: Phase 2 
Local Network LAN Subnet
Remote Network 10.0.0.0/8

Advanced setting Enable bypasslan for LAN checked.

When IPSEC tunnel is on, I lost ping from LAN to LAN IP (10.133.30.1), 
something like traffic going to 10.x.x.x. is tryning to go by IPSEC TUNNEL I 
think, and not working OK the bypass for LAN option.
If I restart ipsec services, have no more problems, but have to do this 
manually every time after reboot.

Any idea ?

Thanks in advance

Lic. Nicolas A. Fabris
Seguridad Informática
Gcia. De Procesos y Sistemas
O.S.P.R.E.R.A.
OO4312-2500 Int. 3119
nicolas.fab...@osprera.org.ar



___
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold

Re: [pfSense] Enable bypass for LAN interface IP not working? ver 2.2.5

2015-11-24 Thread Nicolas Fabris
Thks Chris!


Lic. Nicolas A. Fabris
Seguridad Informática
Gcia. De Procesos y Sistemas
O.S.P.R.E.R.A.
OO4312-2500 Int. 3119
nicolas.fab...@osprera.org.ar

-Mensaje original-
De: List [mailto:list-boun...@lists.pfsense.org] En nombre de Chris Buechler
Enviado el: lunes, 23 de noviembre de 2015 11:53 p.m.
Para: pfSense Support and Discussion Mailing List
Asunto: Re: [pfSense] Enable bypass for LAN interface IP not working? ver 2.2.5

It's there and it works (from the LAN subnet to the LAN subnet is skipped). 
Check the first config entry in /var/etc/ipsec/ipsec.conf.

On Mon, Nov 23, 2015 at 11:08 AM, Nicolas Fabris 
<nicolas.fab...@osprera.org.ar> wrote:
> Hi folks! How are you?
>
> Nobody?
>
> Thksss!!!
>
> Lic. Nicolas A. Fabris
> Seguridad Informática
> Gcia. De Procesos y Sistemas
> O.S.P.R.E.R.A.
> OO4312-2500 Int. 3119
> nicolas.fab...@osprera.org.ar
>
>
> -Mensaje original-
> De: List [mailto:list-boun...@lists.pfsense.org] En nombre de Nicolas 
> Fabris Enviado el: jueves, 19 de noviembre de 2015 12:49 p.m.
> Para: list@lists.pfsense.org
> Asunto: [pfSense] Enable bypass for LAN interface IP not working? ver 
> 2.2.5
>
> Hi folks! How are you today?
>
> Having problems after upgrading to 2.2.5 with Enable bypass for LAN 
> interface IP option (VPN, IPSEC, Advanced.)
>
> When IPsec tunnel is established I lost ping to LAN IP of pfsense.
> When tunnel is not established, automatically ping come again.
>
> Can somebody give me a hand?
>
> Thks!
>
>
> Lic. Nicolas A. Fabris
> Seguridad Informática
> Gcia. De Procesos y Sistemas
> O.S.P.R.E.R.A.
> * 4312-2500 Int. 3119
> nicolas.fab...@osprera.org.ar<mailto:nicolas.fab...@osprera.org.ar>
>
> ___
> pfSense mailing list
> https://lists.pfsense.org/mailman/listinfo/list
> Support the project with Gold! https://pfsense.org/gold 
> ___
> pfSense mailing list
> https://lists.pfsense.org/mailman/listinfo/list
> Support the project with Gold! https://pfsense.org/gold
___
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold
___
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold

Re: [pfSense] Enable bypass for LAN interface IP not working? ver 2.2.5

2015-11-23 Thread Nicolas Fabris
Hi folks! How are you?

Nobody?

Thksss!!!

Lic. Nicolas A. Fabris
Seguridad Informática
Gcia. De Procesos y Sistemas
O.S.P.R.E.R.A.
OO4312-2500 Int. 3119
nicolas.fab...@osprera.org.ar


-Mensaje original-
De: List [mailto:list-boun...@lists.pfsense.org] En nombre de Nicolas Fabris
Enviado el: jueves, 19 de noviembre de 2015 12:49 p.m.
Para: list@lists.pfsense.org
Asunto: [pfSense] Enable bypass for LAN interface IP not working? ver 2.2.5

Hi folks! How are you today?

Having problems after upgrading to 2.2.5 with Enable bypass for LAN interface 
IP option (VPN, IPSEC, Advanced.)

When IPsec tunnel is established I lost ping to LAN IP of pfsense.
When tunnel is not established, automatically ping come again.

Can somebody give me a hand?

Thks!


Lic. Nicolas A. Fabris
Seguridad Informática
Gcia. De Procesos y Sistemas
O.S.P.R.E.R.A.
* 4312-2500 Int. 3119
nicolas.fab...@osprera.org.ar<mailto:nicolas.fab...@osprera.org.ar>

___
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold
___
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold


[pfSense] Enable bypass for LAN interface IP not working? ver 2.2.5

2015-11-19 Thread Nicolas Fabris
Hi folks! How are you today?

Having problems after upgrading to 2.2.5 with Enable bypass for LAN interface 
IP option (VPN, IPSEC, Advanced.)

When IPsec tunnel is established I lost ping to LAN IP of pfsense.
When tunnel is not established, automatically ping come again.

Can somebody give me a hand?

Thks!


Lic. Nicolas A. Fabris
Seguridad Informática
Gcia. De Procesos y Sistemas
O.S.P.R.E.R.A.
* 4312-2500 Int. 3119
nicolas.fab...@osprera.org.ar

___
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold