On Thu, Aug 12, 2010 at 2:17 PM, Austin G. Smith <asm...@neweffectit.com> wrote: > > > I just performed an update on a 1.2.0-RELEASE-FULL firewall last night. > > > > Today we started having issues with traffic being denied from IPSEC VPN > sites outside of the internal pfsense networks. However, traffic is passing > fine from inside pfsense to the external IPSEC VPN sites. I can port scan > from a remote site to inside pfsense and show open ports, however nothing > can sustain a connection to the remote site. >
Couple possibilities, one somehow you have a PMTUD black hole now that wasn't there before, try changing your WAN MTU to 1400 and see if that changes anything. Second possibility, filtering is stricter on TCP flags in 1.2.3 than in 1.2, if you have asymmetric routing you're going to have problems now where you may not have before. --------------------------------------------------------------------- To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org