# [pfSense] pfSense IPSec issue



## paladax (Jan 30, 2014)

Hi there,

We have recently started converting some of our sites onto fibre connection as it becomes available in our areas. So far we have done four separate sites and on all sites (except one initially, but I will get to that one) I am experiencing the same issue.

On our normal setups our pfSense boxes are connected to a router that connects out. The router takes one of our public IP addresses and one ethernet card on the pfSense box takes the second (Red interface). We then have two more ethernet cards on the pfSense (one for local LAN, one for untrusted LAN). Now on the pfSense box we have set it to have a phase-1 IPSec tunnel and then three phase-2 tunnels. Those three tunnels being the local LAN, untrusted LAN and then one to allow external contractors to remote into the untrusted LAN.

That's all been fine in the past, however, now when we are on fibre that Red tunnel does not come online. The other two do fine, but just not that one for external support.

This is the same if I use a router or if I plug the pfSense box directly into the modem and let the pfSense make the PPPoE connection.

Any ideas why this might be?

There are no traffic shapers in play, nothing that I can see that would stop it. And if I plug it back into an ADSL connection it then works fine.

The tunnels are using:

```
P2 Protocol   P2 Transforms       P2 Auth Methods
ESP           AES (auto), 3DES    SHA1
```

But I have tried them using AH for the P2 protocol as well, same result.

The one site that was different was one where all three tunnels came straight back up after we switched on the fibre. I compared it side by side with another site that only had 2/3 tunnels up and as far as I could tell they were identical, apart from the fact that one of its redundant IPSec tunnels (they were used for failover in the past but are since redundant) that is disabled had SHA1 and MD5 as authentication methods, and on the receiving end of the IPSec the exchange was set to Automatic. I tried replicating that on the 2/3 firewall but still got the same result. Now, even stranger: after about a week or two of those three tunnels being up, it has now only got 2/3 tunnels up itself! Anybody got any suggestions on this strangeness?

Oh, and I have tried this on 2.1-RELEASE (i386) as well as 2.0-BETA5 (i386).


----------



## SirDice (Jan 30, 2014)

*Re: Pfsense Ipsec issue*

PC-BSD DesktopBSD FreeNAS NAS4Free m0N0WALL pfSense ArchBSD


----------



## DutchDaemon (Jan 30, 2014)

Why are you asking such a specific pfSense question on the FreeBSD forums?

Disclaimer: topics about PC-BSD, DesktopBSD, FreeNAS, NAS4Free, m0N0WALL, *pfSense*, ArchBSD, kFreeBSD, JabirOS


----------



## paladax (Jan 30, 2014)

Apologies, I knew it was a long shot posting it on here. But on the pfSense forum nobody has even so much as responded to me.

I'm just getting a bit annoyed with this issue, hence in my desperation I thought I would try here, since it is FreeBSD architecture underneath it all.


----------

