• Port 4500 and 500 are blocked by pfsense?
    0 Votes, 2 Posts, 782 Views
    Maybe, depends on your config. By default they're both allowed outbound from LAN if that's what you mean.
  • IPSec Mobile Client not able to access Point-to-Point
    0 Votes, 1 Post, 566 Views
    No one has replied
  • pfSense 2.3 DNS server issue
    0 Votes, 3 Posts, 1k Views
    Thank you for your help. Unfortunately I had to revert to 2.2.2 because of this, as it's a production environment, but I will try again at the first opportunity and let you know. Never realized that a plug-in was required in the new version.
  • IPSec problem with pfSense 2.3 - DPD path probing fails
    0 Votes, 3 Posts, 1k Views
    -> cmb: Thank you for your statement. You are absolutely right that it is not the "finest" solution that WAN and LAN are on the same subnet, but they are segregated via VLAN and not bridged. The WAN uses a gateway, that's why it has a static IP. This gateway is used by another network with the same subnet which is not connected to the first network with the same subnet. This needs to be changed, but the reason was a connection of two networks that was not planned intentionally and the change has not been done yet.

    In the "first" subnet with pfSense the IPSec clients are in the subnet 10.21.32.0/24, LAN is 10.21.30.0/24 (OpenVPN clients in 10.21.31.0/24). I changed the subnet for WAN (10.21.29.0/24) for testing on the weekend but the problem remains.

    In the meantime I could figure out the problem. The problem only exists when MOBIKE is enabled (a new feature in 2.3 as far as I remember). If MOBIKE is disabled the DPD is sent via the WAN as intended. If MOBIKE is enabled the DPD is sent via the LAN interface. So there could be a problem with the implementation of MOBIKE.
  • Script to reload automatically VPN
    0 Votes, 4 Posts, 869 Views
    You can use /usr/local/sbin/ipsec up con<number>. Look up the number in ipsec.conf. Use the command in cron (package). What device on the other side do you have problems with? I use this for connections to Fortigate devices, failing with phase 2 rekeying.
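    The reply above gives the bare command; what a cron job actually needs is a test for "is this tunnel really up" so it does not blindly restart a healthy connection every minute. The script below is an added example, not code from the post or from pfSense. It assumes strongSwan's `ipsec` binary at the path the reply names, a connection name such as `con1` taken from ipsec.conf (assumed), and it decides from the output of `ipsec status <con>` whether the IKE SA is ESTABLISHED and at least one CHILD SA (phase 2) is INSTALLED; a failed phase 2 rekey, the case the reply mentions, leaves the IKE SA up but no child, so checking only for ESTABLISHED would miss it. The sample status outputs are constructed to match strongSwan's format so the script can be exercised on a box without IPsec.

```shell
#!/bin/sh
# Added example: cron-driven IPsec tunnel watchdog for pfSense/strongSwan.
# Not part of the original post. Connection name and paths are assumptions.
set -eu

CON="${1:-con1}"              # assumed connection name from ipsec.conf
IPSEC=/usr/local/sbin/ipsec   # path given in the forum reply (strongSwan)

# needs_reset <con> <status-text>
# Returns 0 (true) when the tunnel should be brought up again, i.e. when the
# output of `ipsec status <con>` shows no ESTABLISHED IKE SA for <con> or no
# INSTALLED CHILD SA for it. Returns 1 when the tunnel is healthy.
needs_reset() {
    con="$1"
    status="$2"
    # IKE SA line looks like "     con1[12]: ESTABLISHED 2 hours ago, ..."
    printf '%s\n' "$status" | awk -v c="$con" \
        'index($1, c "[") == 1 && $2 == "ESTABLISHED" { f = 1 } END { exit !f }' \
        || return 0
    # CHILD SA line looks like "     con1{5}:  INSTALLED, TUNNEL, reqid 1, ..."
    printf '%s\n' "$status" | awk -v c="$con" \
        'index($1, c "{") == 1 && $2 ~ /^INSTALLED/ { f = 1 } END { exit !f }' \
        || return 0
    return 1
}

# Constructed sample outputs (shape of `ipsec status con1`), used only for the
# offline demonstration below.
SAMPLE_HEALTHY='Security Associations (1 up, 0 connecting):
     con1[12]: ESTABLISHED 2 hours ago, 203.0.113.1[203.0.113.1]...198.51.100.1[198.51.100.1]
     con1{5}:  INSTALLED, TUNNEL, reqid 1, ESP in UDP SPIs: c1234567_i c7654321_o
     con1{5}:   10.0.0.0/24 === 10.1.0.0/24'
# IKE SA still up but the phase 2 rekey failed: no CHILD SA at all.
SAMPLE_REKEY_FAILED='Security Associations (1 up, 0 connecting):
     con1[12]: ESTABLISHED 5 hours ago, 203.0.113.1[203.0.113.1]...198.51.100.1[198.51.100.1]'
SAMPLE_DOWN='Security Associations (0 up, 0 connecting):
  no match'

if [ -x "$IPSEC" ]; then
    # Real run from cron: only touch the tunnel when the check says so.
    if needs_reset "$CON" "$("$IPSEC" status "$CON" 2>/dev/null || true)"; then
        logger -t ipsec-watchdog "$CON: no established IKE SA or installed CHILD SA, running ipsec up"
        "$IPSEC" up "$CON"
    fi
else
    echo "no $IPSEC on this host; evaluating constructed samples instead"
    for name in HEALTHY REKEY_FAILED DOWN; do
        eval "sample=\$SAMPLE_$name"
        if needs_reset con1 "$sample"; then
            echo "$name: would run '$IPSEC up con1'"
        else
            echo "$name: tunnel healthy, nothing to do"
        fi
    done
fi
```

    Install it from the Cron package with an interval of a few minutes. If the far end (the reply mentions Fortigate) leaves a stale IKE SA behind, running `ipsec down <con>` before `ipsec up <con>` forces a clean renegotiation instead of a child-only retry.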
  • 0 Votes, 11 Posts, 3k Views
    DonnyD
    @Donny: Now IPSec Mobile works fine.
    1. I made an FQDN record for my pfSense hostname, zwolle.xxxxx.com, with the public WAN IP address from my ISP in the domain name system (DNS) for xxxxx.com.
    2. At a local Windows 10 host computer, I tested PING to the FQDN pfSense hostname zwolle.xxxxx.com. It worked.
    3. Create the IPSec CA certificate; the common name can be whatever.
    4. Create the Server Certificate with Common Name set to the FQDN pfSense hostname zwolle.xxxxx.com. For Alternative Name, I don't use Mac OS, Linux and etc.
    5. Set up IPSec tunnel Phase 1, My identifier set to Distinguished name with "zwolle.xxxxx.com", which is the same common name as on the Server Certificate.
    6. The other setup is the same as the pfSense documentation wiki.
    7. Export only the IPSec CA to the Windows 10 client and then install the IPSec CA into Trusted Root Certification Authorities.
    8. Configure the properties of the IPSec connection adapter, for example on the Security tab: IKEv2, Require encryption and Secured password (EAP-MSCHAPv2) (encryption enabled).
    9. Test the connection using the username and password created on the Pre-Shared Keys tab.
    10. Finally connected and can ping the local host, copy files and etc.
    Donny: Just want to be sure, the way I did it above, is it correct? Thank you. Donny
  • VPN Tunnel between pfSense 2.1 and Watchguard XTM 3 series
    0 Votes, 2 Posts, 999 Views
    Hello, I have to configure a VPN between pfSense and a Watchguard M300, can you help me? Do you have a step-by-step guide? Thanks!
  • iPhone to pfSense 2.3 not working
    0 Votes, 8 Posts, 6k Views
    Follow the instructions provided by kavara with IKEv2 via EAP-MSCHAPv2. IKEv2 is not only more secure than IKEv1 but much quicker in establishing a connection. Just send the certificate you downloaded from pfSense via e-mail to your iPhone and click on it in the e-mail to install, that's all.
  • 0 Votes, 1 Post, 800 Views
    No one has replied
  • IPSec routing problems
    0 Votes, 5 Posts, 2k Views
    Thank you cmb, that works for me. It was set to "LAN" before. I am really happy now!!
  • (Solved) Working IPSec guide for 2.3
    0 Votes, 6 Posts, 3k Views
    @jimp: FQDN is the equivalent of DNS, so use that. And to pass all traffic over, use a network of 0.0.0.0/0. IT WORKS. Thank you so much!  ;D
  • Remote Client IPSEC connection and Transparent Squid with SquidGuard
    0 Votes, 1 Post, 694 Views
    No one has replied
  • IPSec Mobile Client Full Tunnel issue
    0 Votes, 5 Posts, 1k Views
    Your mobile VPN needs another P2 so that the mobile IPSec knows about the remote network. It does not get that from the point-to-point.
  • IPsec tunnel unreliable when tunneling with Draytek 2860
    0 Votes, 3 Posts, 1k Views
    jvata, I spent countless hours trying to get this to work; the fix for this is here: https://forum.pfsense.org/index.php?topic=105589.msg608136#msg608136
  • SOLVED: Routing multiple IPsec tunnels
    0 Votes, 6 Posts, 7k Views
    No problem, glad I could help. Just to confirm though, you shouldn't actually need the static routes. Either AWS network should know how to get to the other side due to the phase 2 entries that you've created. The static routes can be removed in your instance.
  • [SOLVED] Can't access LDAP through IPsec
    0 Votes, 7 Posts, 3k Views
    This is totally what I needed. It works perfectly. :) Thanks for your reply jimp.
  • [SOLVED] losing connection in ipsec phase 2
    1 Vote, 6 Posts, 5k Views
    You can change this on the Phase 1 page.
  • StartSSL certificate for IKEv2 with EAP-MSCHAPv2
    0 Votes, 2 Posts, 1k Views
    jimp
    Lots of problems with that cert for IKEv2…
    - It's not marked as a server cert
    - Missing EKU for TLS Web Server Authentication and 1.3.6.1.5.5.8.2.2
    - IP address is not in the SAN list
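    The three defects jimp lists are exactly what built-in IKEv2 clients check before they trust a gateway: Windows wants the TLS Web Server Authentication EKU, Apple clients accept that or the IKE intermediate EKU (OID 1.3.6.1.5.5.8.2.2), and whichever name the client was given (FQDN or WAN IP) must appear in the Subject Alternative Name, not just the CN. The script below is an added example, not code from the thread or from pfSense: it issues a self-signed test certificate with those extensions via OpenSSL and then runs a checker over any PEM certificate to report which of the three requirements it fails. The hostname vpn.example.com and the address 203.0.113.10 are placeholders; the EKU names it greps for are OpenSSL's text rendering of the two OIDs, with the raw OID accepted as a fallback for builds that do not know the IKE intermediate name.

```shell
#!/bin/sh
# Added example: issue and lint an IKEv2 server certificate with OpenSSL.
# Not from the forum thread; names, IPs and paths are placeholders.
set -eu

# make_cert <out-prefix> <fqdn> <eku-list> <san-list>
# Self-signed certificate with the requested EKU and SAN. A real deployment
# would sign a CSR with the pfSense IPsec CA instead of self-signing; the
# extension section is what matters here.
make_cert() {
    cat > "$1.cnf" <<EOF
[ req ]
distinguished_name = dn
prompt = no
[ dn ]
CN = $2
[ v3_ike ]
basicConstraints = CA:FALSE
keyUsage = digitalSignature, keyEncipherment
extendedKeyUsage = $3
subjectAltName = $4
EOF
    openssl req -x509 -new -newkey rsa:2048 -nodes -days 1 \
        -config "$1.cnf" -extensions v3_ike \
        -keyout "$1.key" -out "$1.crt" >/dev/null 2>&1
}

# check_ikev2_cert <cert.pem> <fqdn> <ip>
# Returns 0 when serverAuth and the IKE intermediate EKU are present and the
# SAN carries both the FQDN and the IP; prints one FAIL line per defect.
check_ikev2_cert() {
    text=$(openssl x509 -in "$1" -noout -text)
    eku=$(printf '%s\n' "$text" | awk '/Extended Key Usage/ { getline; print; exit }')
    san=$(printf '%s\n' "$text" | awk '/Subject Alternative Name/ { getline; print; exit }')
    rc=0
    case "$eku" in
        *"TLS Web Server Authentication"*) ;;
        *) echo "FAIL: $1: missing EKU serverAuth (TLS Web Server Authentication)"; rc=1 ;;
    esac
    case "$eku" in
        *1.3.6.1.5.5.8.2.2*|*"ipsec Internet Key Exchange"*|*ipsecIKE*) ;;
        *) echo "FAIL: $1: missing EKU 1.3.6.1.5.5.8.2.2 (IKE intermediate)"; rc=1 ;;
    esac
    case "$san" in
        *"DNS:$2"*) ;;
        *) echo "FAIL: $1: FQDN $2 not in SAN"; rc=1 ;;
    esac
    case "$san" in
        *"IP Address:$3"*) ;;
        *) echo "FAIL: $1: IP $3 not in SAN"; rc=1 ;;
    esac
    [ "$rc" -eq 0 ] && echo "OK: $1 satisfies the IKEv2 server certificate checks"
    return "$rc"
}

# Demonstration on placeholder names: one certificate done right, one with the
# defects from the forum reply (no IKE EKU, IP missing from the SAN).
WORK=$(mktemp -d)
make_cert "$WORK/good" vpn.example.com \
    "serverAuth, 1.3.6.1.5.5.8.2.2" "DNS:vpn.example.com, IP:203.0.113.10"
make_cert "$WORK/bad" vpn.example.com \
    "serverAuth" "DNS:vpn.example.com"
check_ikev2_cert "$WORK/good.crt" vpn.example.com 203.0.113.10 || true
check_ikev2_cert "$WORK/bad.crt" vpn.example.com 203.0.113.10 || true
```

    Run the checker against the certificate you exported from System > Cert Manager before handing it to clients; a commercial certificate issued for HTTPS will normally fail the IKE intermediate and IP SAN checks exactly as described in the thread.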
  • IPsec tunnel and mobile from same source IP
    0 Votes, 1 Post, 516 Views
    No one has replied
  • Mobile Clients - To IPSec or Not to IPSec, that is the question?
    0 Votes, 8 Posts, 2k Views
    luckman212
    @kapara: I have deployed at several locations the IPsec VPN using the Microsoft integrated client with IKEv2. So far it's been pretty much flawless! […] IKEv2 on Mac also flawless! Any chance you could post detailed screenshots of how you set that up? I wasted 2 whole Saturdays fiddling trying to get it to work on MacOS X 10.11 as well as iPhone without much success. Wife was not happy.  :-\
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.