While testing the previously discussed "stalling connections" with v2.2.1 IPsec -- which still exist with v2.2.2 (expected as the release notes give no indication of a fix) -- I noticed (what I suspect is) a new bug (https://redmine.pfsense.org/issues/4640).
After updating from 2.2.1 to 2.2.2, in VPN -> IPsec -> Advanced Settings, the check-box setting for "Disable Cisco Extensions" now toggles whatever the setting was for "Auto-exclude LAN address" and the checkbox for "Auto-exclude LAN address" ignores any attempts to set it on it's own. Question The "Auto-exclude LAN address" has an explanatory line of --- Exclude traffic from LAN subnet to LAN IP address from IPsec. --- which can be interpreted multiple ways (which LAN, local/remote? and which IPsec, server/client? ... or both?). Since there's nothing on the associated WiKi help page, could someone provide a more detailed explanation of what this setting does and/or should be used for (and the default setting)? _______________________________________________ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold