@x2dz:

So if anyone knows a way to proxy/rebroadcast the DLNA packets /I will again ask whether the IGMP Proxy package ??? is technically connected to this issue/ over a pfSense<->pfSense IPsec site to site VPN please share your thoughts.

Any help would be greatly appreciated.

have somebody sucessfully implement the solution to access DLNA Server/Client over a VPN Tunnel? ive installed IGMP Proxy on my embedded Pfsense 1.2.3 an will try to access the server (LAN) from PS3 (opt1). now i had a long time bridged the both interfaces, but want to route the subnets.

in the igmp proxy package, i am not able to choose the ipsec interface… probably not possible with this version?

im thankfull for help

Hi

I would first double check that you have the correct PASS  rules on the Firewall | Rules | IPSEC Tab at each end of the tunnel.
Enable logging on the tunnel and check the logs for any errors.
Please paste your tunnel configuration and/or logs.

Just Setup 2 tunnels/connections as this 2 would be the only one by them self. By the way. my ipsecs crashs all the time. I do not know why but its not very stable at this point. Maybe this is not the right solution :-)

Good to hear it's working. There is an errata page here:

http://www.reedmedia.net/books/pfsense/errata.html

Check there first, and if it's not a known error, they can be sent to me (jimp (a) pfsense.org) or Chris (cmb (a) pfsense.org) and we'll see what can be done about them.

Thank you Jimp for your answer, I tried but it still doesn't work.

I waist long days on this, to try or find something on forum, tuto, howto… But I still don't know why my packets doesn't go through the VPN.

So I'll post all my configuration to see if you could understand and explain me what happen.

So, first, My IPSEC tunnel :

I think i read something about SAD, it's not normal if there is nothing in… right?

My NAT config :

And Outbound is on "Automatic outbound NAT rules generation (IPSEC passthrough)"

My RULES :

And my logs IPSEC :

So if you find what's wrong… tell me, thanks a lot!!

We need more info…

What do the filter logs say? Any blocked packets? From the machine you are trying to do the https session try a telnet ROUTER_IP 443 (Windows) or telnet ROUTER_IP:443 (Unix/Linux). Do you get a connect? Have you checked both firewalls? Ruleset? What are your rules?

There are numerous howto in pfSense's doc wiki, it's pretty straightforward and in my opinion you're better of using OpenVPN, one particular URL of interest to you is –> http://doc.pfsense.org/index.php/VPN_Capability_OpenVPN

You can't NAT on IPsec tunnels like that with pfSense.

There was a bounty to add that feature (http://forum.pfsense.org/index.php/topic,14650.0.html) but it was withdrawn before it could be completed.

You'd have to renumber their network to 192.168.10.x to make it work.

Does anyone have any ideas? I do not want to go back to that old netscreen if this is a simple fix!

Thank you!

No, you can't route traffic quite the same way with IPsec as you can with OpenVPN.

With mobile tunnels this is a little more relaxed, but you still need to specify these subnets for the tunnel on the client side. If these networks are not locally reachable by pfSense you will also need to add manual NAT rules which will NAT the traffic from your mobile client IP(s) out the pfSense WAN.

This is a little better in 2.0 where you can specify to send a list of accessible networks to the IPsec client, but you still can't specify arbitrary subnets.

After reviewing my previous input, I glanced over the pfSense Definitive Guide and found this:

"Static routes will not route traffic over an IPsec connection, never configure static routes for any IPsec traffic except in the case of traffic initiated from pfSense itself."

And that "The only option if the subnets are not contiguous is to create parallel IPsec tunnels, 1 for each subnet."

The quoted info above can be found in section 13.4.3 (Routing multiple subnets over IPsec) of the Definitve Guide.

That said, cosolidating your existing class A and C subnets seems to be the only solution.

:) work fine.. tnks
I ping only ip dhcp on remote network, and i dont ping de fixed ip…

FIXED.. I really should have thought of this sooner but untill I saw the packet was addressed wrong it never clicked in my head.

The problem was I run VMware Workstation for devlopment. The NAT driver was playing havoc. I still don't really understand what was happening, but the VirtualNIC assigned to NAT just so happen to be 192.168.190.1. So I'm guessing somehow it was changing the source/destination of the packets meant for my 192.168.10.10 interface.

Figured I'd update this incase anyone ever pulls their hair out like I was.

In that other thread, Ermal seems to imply that it is mainly up to racoon (part of ipsec-tools) to handle this, but it will take some C coding to get it done.

I don't understand the source of ipsec-tools well enough to comment further (and not for lack of trying, I've tried editing/patching their source for other reasons before and it wasn't a fun experience, mainly due to my lack of C knowledge.)

I did not find the solution for the error but, it was not a problem to stablish the tunnel.
VPN IPSEC works even with this error on logs.

Even I found a way to communicate a LINKSYS WRV210 with pfsense, here is the detailed conf:

http://sites.google.com/site/sinindex/networking/integracionipsecentrepfsenseylinksyswrv210

Thanks all for the help.