@cmb: Your certificate likely doesn't have the proper EKU for Windows to recognize it. I've confirmed that the cert does have the "server authentication" EKU (1.3.6.1.5.5.7.3.1) Isn't it the right one? @cmb: The references to importing certificates on the client is for CA certs, not server certs, where a self-signed cert is used. Yes, I do understand that. I imported the server cert instead because it was quicker, for testing purposes. The point is, I would like to cut off the need to import anything into a computer's "personal" cert folder, since the cert is already publicy trusted.

So what about this situation: Site A: Using a (Interface with) subnet with 192.168.1.0/24 different network. (Not part of VPN tunnel) IPSEC P2 Local Subnet is 172.20.20.0/24 Site B: LAN is 192.168.1.0/24 P2 local is using this 192.168.1.0/24 subnet. What would be the proper way to use BINAT or is it not needed?  Will the IPSEC tunnel know to direct traffic for the 172.20.20.0/24 going to 192.168.1.0/24 through the tunnel even though there is annother interface using 192.168.1.0/24?

i have no 1:1 nat or port forward and the outbound nat rules are set to auto… mhh so i have no idea why vpn is going down after some time and wont be reconnect :(

case solved by using OpenVPN https://forum.pfsense.org/index.php?topic=112696.0

I have the same problem. Could somebody help? As test effects i setted L2TP VPN to accept all traffic. Thank you

Are you using IPSec client built into Windows running Windows 10 ikev2?

Doh! The ipsec firewall rule on remote. Fsck, forgot about that little gem. Thanks!

I already use OpenVPN BUT I like IPSec at lot more. I like that it's intergrated in my devices and I don't need third party software for like Mac and etc. I actually have this problem with my OpenVPN as well.

Small update: I've tried now adding a Virtual IP on HQ, it's the exact same behaviour as for IPsec (i.e. settings are not saved/updated). What's even stranger is that HQ is actually a pair of Netgate SG-4860 in an HA pair. They both behave like this. AGain, any help would be greatly appreciated

Yep, finally saw what was happening there. I'm not sure how it didn't happen to me previously. In that case it affects several pages. I was looking for a bug ticket for this, remembering this thread but misremembered it as a redmine ticket.

Yeah there's a status display issue in that case. There is a bug ticket open on general issue there. https://redmine.pfsense.org/issues/6335 It'll work fine, the status output's just wrong on the "down" one.