• Same remote ID

    7
    0 Votes
    7 Posts
    2k Views
    J
    Hello, I'm working with strongSwan on a Debian distribution, with this file.conf:

        config setup

        conn c5domain
            type=tunnel
            left=81.25.126.250
            leftsubnet=10.200.1.0/24
            leftid=82.125.124.251
            right=c5.domain.es
            rightid=219.129.126.161
            rightsubnet=192.168.220.0/24
            installpolicy = yes
            #Encryption
            dpdaction = restart
            dpddelay = 10s
            dpdtimeout = 60s
            #keyingtries=0
            esp=3des-sha1-modp1024
            ike=3des-sha1-modp1024
            authby=secret
            keyexchange=ikev2
            rekey=yes
            reauth=yes
            forceencaps=no
            mobike=no
            fragmentation=yes
            #lifetime
            ikelifetime=28800s
            lifetime=28800s
            auto=route

    I tested it and it works fine, but when I configure it in pfSense it does not work. In the Linux version, strongSwan is US5.2.1/K3.16.0. In FreeBSD, strongSwan U5.5.1/K10.3. Can you help me? Next week I will test editing the files manually.
  • L2TP / IPSEC Does not work

    5
    0 Votes
    5 Posts
    1k Views
    K
    @kapara: what are your clients running? I use IPsec (not L2TP) and all clients have no issues. Flawless. Kapara, I use Windows 10. I set up L2TP/IPsec using this link: https://doc.pfsense.org/index.php/L2TP/IPsec As you mentioned, we can use just IPsec for remote access on pfSense. Can you send me the instructions for it?
  • IPSec Tunnel using Proxy ARP Virtual IP

    5
    0 Votes
    5 Posts
    3k Views
    DerelictD
    You cannot bind any services running on the firewall to a proxy arp vip. https://doc.pfsense.org/index.php/What_are_Virtual_IP_Addresses You can probably tell OpenVPN to listen on localhost and port forward to it like you described. Not sure about IPsec.
  • Low throughput in IPSEC and OpenVPN

    7
    0 Votes
    7 Posts
    2k Views
    S
    I tried iPerf, FTP, SSH, SMB, HTTP. I said 60 mbps but I don't know why I said that, because I can't really get past 25-30mbps. I tried with and without AES-NI and it is worse without. Since my first post, each end can transfer up to 1,5Gbps from end to end through each pfSense (NATed servers) without VPN (HTTP, FTP, SSH (a bit slower)).
  • IPSEC PSK Re Authentication Issue

    7
    0 Votes
    7 Posts
    1k Views
    Z
    Hi, I still have this issue and I'm not sure how to debug it. Can anyone share some advice on how to resolve this? Thanks
  • MOVED: Acesso IPSec + Nat

    Locked
    1
    0 Votes
    1 Posts
    501 Views
    No one has replied
  • IPsec with Cisco RV082 over NAT

    1
    0 Votes
    1 Posts
    569 Views
    No one has replied
  • IPsec tunnel one-way traffic

    1
    0 Votes
    1 Posts
    712 Views
    No one has replied
  • 0.0.0.0/0 tunnel breaks load balancer

    3
    0 Votes
    3 Posts
    983 Views
    J
    Yeah, OpenVPN did the trick for me. Thanks for the reply.
  • IPSec not routing traffic on 2.3.2 with two WAN interfaces

    1
    0 Votes
    1 Posts
    576 Views
    No one has replied
  • Bug/Issue with NAT 1:1 rule operation on IPsec interface

    3
    0 Votes
    3 Posts
    1k Views
    dotdashD
    That other thread is a year old, and the OP never replied back. Doesn't sound like a bug. As for this thread, you need to NAT BOTH sides of the tunnel? You are using the phase2 NAT/BINAT at site A and a custom rule on side B? I can't figure out if your bbbb and dddd are addresses or subnets and I'm unclear what you mean by saying dddd is 'public'.
  • MOVED: IPSEC firewall blocking stuff

    Locked
    1
    0 Votes
    1 Posts
    488 Views
    No one has replied
  • IPSec tunnel to Meraki does not come back up after internet outages

    2
    0 Votes
    2 Posts
    1k Views
    E
    Registered to reply to you. I currently have a pfSense VM running in a cloud environment that I use to connect back to 20+ locations that are all on Cisco Meraki MX series devices. Do you have static IPs on both ends? I have static IPs at almost all locations. The sites that don't have a static IP address we refer to from pfSense by their dynamic DNS address provided by Meraki. Haven't had any issues with the VPN re-connecting after a power outage.
  • Dropping leftover CISCO connections.

    2
    0 Votes
    2 Posts
    715 Views
    dotdashD
    Not sure what you are asking. If the devices have different IPs within the same subnet, that's no problem. If you want to remove the Cisco and have the pfSense answer on the Cisco's IPs, then add them as virtual IPs. Normally, I'd program the new firewall with the old firewall's IPs, shut down the old one and power up the new one.
  • IPSEC Responder, should be initiator !

    1
    0 Votes
    1 Posts
    716 Views
    No one has replied
  • Connect two vlans over IPsec

    2
    0 Votes
    2 Posts
    583 Views
    G
    VLAN is L2, not possible. You'd need something like VXLAN, but that's a completely other level.
  • Split tunneling IPSec on 2.3.2

    2
    0 Votes
    2 Posts
    700 Views
    G
    Not possible. Make more of 'em P2s :)
  • Regarding site to site VPN

    1
    0 Votes
    1 Posts
    489 Views
    No one has replied
  • IPSEC Mobile Clients on pfsense 2.3.3-RELEASE

    4
    0 Votes
    4 Posts
    1k Views
    N
    Please, is it possible to explain or post your config? I have problems with my iPhone 7. Thx
  • Ping FQDN by VPN IPSEC

    1
    0 Votes
    1 Posts
    415 Views
    No one has replied
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.