Pfsense Fw 2.3 Eve-ng


pfSense is awesome open source router software based on FreeBSD. It features a nice web interface for any task! While the main way to administer and upgrade pfSense is via the web interface, one can also upgrade via the command line. Check it out!

  1. First, ssh into your pfSense box.
  2. Next, to apply pending security updates, run the following command:

     $ sudo pfSense-upgrade -d

Below is an example complete output.

Circuit type: AT&T U-Verse Fiber (100down/20up)
pfSense ver: 2.3.4p1
End point fw: OpenBSD (not managed by us)
Our IP: 11.11.11.11 (changed to protect the innocent)
Their IP: 22.22.22.22 (changed to protect the innocent)

We'll get normal traffic coming across, then we start getting these 'phase 2 others?'

Thanks for the reply. We were looking at some sending side logs late last night, their side was complaining about pfSense not responding:

Sep 19 23:21:48 bsd isakmpd16744: transportsendmessages: giving up on exchange peer-199.16.46.158-local-11.11.11.11, no response from peer 199.16.46.158:500
Sep 19 23:21:58 bsd isakmpd16744: transportsendmessages: giving up on exchange peer-199.16.46.158-local-11.11.11.11, no response from peer 199.16.46.158:500

It's like the tunnel only comes up if pfSense initiates it. Not sure why that would be the case either. I don't see anything specific in the configuration where you can prevent pfSense from responding to an initiate request.


If it only works when initiated from one side then it sounds like a firewall is blocking it at one of the ends. I would do packet captures simultaneously with the logs and determine where it's getting lost; it could be that the sending end firewall is blocking it for some reason, or it's getting lost in between end points, or the receiving end is getting it but firewall is blocking it, or IPSec on receiving end is receiving it but dropping/ignoring it. PfSense would ignore it if it was an invalid request (unrecognized endpoint, bad authentication, etc), but if that was the case then it shouldn't be working from either direction.


JasonH83 wrote:
If it only works when initiated from one side then it sounds like a firewall is blocking it at one of the ends. I would do packet captures simultaneously with the logs and determine where it's getting lost; it could be that the sending end firewall is blocking it for some reason, or it's getting lost in between end points, or the receiving end is getting it but firewall is blocking it, or IPSec on receiving end is receiving it but dropping/ignoring it. PfSense would ignore it if it was an invalid request (unrecognized endpoint, bad authentication, etc), but if that was the case then it shouldn't be working from either direction.

Yes, I would agree. If it was a misconfig, it wouldn't come up at all, but that's not the case. There aren't any blocks in the firewall logs to or from the other side's IP address.