@patient0 Fixed, I forgot to add the remote ID :).
Thanks for help.

@Matt_Sharpe

Two other options that come to mind

Alert on syslog. So if using a syslog server such as Graylog, you can have it alert you by sending an email when it sees entries for the tunnel going down.

Modify the scripts here - although meant for Zabbix i can see it easily being customizable for any monitoring tool

Seems like a perfectly good use case for Tailscale

@viragomann
Okay, I understand! Thanks for your help! In two weeks the connection will be implemented, then I'll get back to you on this.

@plep Yeah, it can be a bit confusing. PfSense by default attempts to “combine” the subnets in P2s into one. That causes issues just like described where your other P2’s are “extended” from only the remote subnet to 0.0.0.0/0. To avoid this you need to tick the “Split Connections” box on your P1 for the tunnel then it will create several independant P2’s like the other end.

@NdubYu
I appreciate this is an old topic, but i have the same problem
Were you able to resolve ?
What was the issue ?
Thank you

Just for information to everyone, the problem was solved by changing (on both sides, of course) from IKE v1 to IKE v2.

@aldomoro
aha, so to restart dpinger helped me to get the VTI interface to the online status.
https://redmine.pfsense.org/issues/12764

Zabbix issue will be another story

@viragomann said in site to site VPN between pfSense 2.7.0 and Cisco ASR1001-X (1NG): phase 2 not working:

@getcom
🤦
I guess, it is an unerring admin of a big company likewise it was in my case.

a 150% admin...and yes a big company.
I sent him the log extracts in April and told him that I thought the problem might be a typo in the profile. Of course, he didn't believe me. Then we had a long, detailed e-mail ping-pong until he understood that he needed to look more closely at his Cisco router...

@maverickws said in Issue with access to site connected to remote via IPSec:

yeah that sorted it. I thought that by adding the network to the VPN settings it would automatically add it to the routing table, but it didn't

in VTI with static routes, that is required.
Glad that it sorted out. 👍