OPNsense Forum » Archive » 17.1 Legacy Series » Upgrade from 16.7.14: IPSEC Traffic showing up on WAN
Topic: Upgrade from 16.7.14: IPSEC Traffic showing up on WAN (Read 4941 times)
mircsicz « on: February 06, 2017, 09:35:50 pm »
As promised to franco, here's my posting about the actual issue:
After upgrading from 16.7.14 to 17.1 and getting the other two bugs out of the way, I'm still hit by this one!
I'm running approx half a dozen APUs, of which I've already upgraded two. Both are working as expected. But then there's one OPNsense installation running as a KVM client, and that machine suffers from the above-mentioned bug. There are 5 S2S tunnels, of which some have 2 or three L2s...
And all the traffic headed towards the machines behind those tunnels is recognized on the WAN interface of the OPNsense. And the only cure to the issue is to allow Class-A Traffic and create a Firewall rule on the WAN Interface that allows traffic from behind the IPSec tunnel to the local network...
And just now I realized all my SSH connections are sluggish, I can connect but might be kicked after a few secs!!!
So I'm hoping this gets fixed very soon
mircsicz « Reply #1 on: February 07, 2017, 02:23:03 am »
Reply to myself, for documentary reasons, this is the log created during one of those extremely short SSH sessions:
mircsicz « Reply #2 on: February 08, 2017, 01:34:57 am »
Changing "Firewall > Settings > Advanced > Firewall Optimization" from normal to conservative gave me some ease...
dragon2611 « Reply #3 on: February 08, 2017, 05:58:23 pm »
I believe there are some issues with the connection tracking code in 17.1 which affect multi-wan and also IPSEC traffic; the devs are aware and are working on it.
There are a few threads around here about it.
https://forum.opnsense.org/index.php?topic=4417.0
https://forum.opnsense.org/index.php?topic=4313.0
https://forum.opnsense.org/index.php?topic=4385.0
franco (Administrator) « Reply #4 on: February 09, 2017, 08:39:37 pm »
This is the next thing on my list now. Maybe solved in time for 17.1.2.