Hi,
Unfortunately I have given up on pfsense, and done an install using voyage linux to my machine and done this using traditional iptables/racoon, etc which works no problem.

Thanks again for your feedback.

OK

at the other end it is a cisco ASA,

they only want to see 3 host on our LAN.

they try to implement this:

Extended IP access list ACL-XXX

10 permit ip 150.2.0.0 0.0.255.255 host 172.16.3.14

20 permit ip 150.2.0.0 0.0.255.255 host 172.16.3.16

30 permit ip 150.2.0.0 0.0.255.255 host 172.16.3.15

any idea ?

Problem still exist in RC3. I really like the new IPsec connection status symbols and the IPsec highlighting in the log files. It would be great if the mobile clients could be shown also.

IPsec.png
IPsec.png_thumb

I recently did this.  It was really a challenge.  I was using a netgear 380 vpn router.  It was a realy pain to get configured.  It took me about 14 hours to get it running.  The vpn's tunnels between pfsense and the netgear about killed me. 
RC

I am using the following build without any issues.

1.2-RC3
built on Thu Oct 18 15:19:54 EDT 2007

RC

If it's OpenVPN related then it should go to that category:
http://forum.pfsense.org/index.php/board,39.0.html

The top most Sticky by SUllrich handles creating CERTs as your subject suggests.
Later on you write about KEYs…

but my clients is able to connect from any internet cafe or a dialup

I am using 1.2-RC2  and i get this error
To sunny chowdhry
Please tell me how to configure both ends of the tunnel so i can get it to work

Re-IP one of the sites.  How hard could it be?

Robert

yep, looks like that was broken by fixing a related bug. I opened a ticket.

OK now i try putting it in front but
1. I normally ping from site that have pfsense but i can't ping from another site without pfsense it look like pfsense don't let me come in to lan.

Help please thank

ok, i will try the lan-vpn first, this is not working, i followed the monowall tutorial almost to the letter, i just changed the lifetime to 1000 and group options in fase 1 DH key group to 1 and in fase 2 PFS key group to 1,  this the error i get:

ERROR: unknown notify message, no phase2 handle found.

this is the pix config:

isakmp policy 10 authentication pre-share
isakmp policy 10 encryption des
isakmp policy 10 hash md5
isakmp policy 10 group 1
isakmp policy 10 lifetime 1000
crypto map newmap 10 ipsec-isakmp
crypto map newmap 10 match address 100
crypto map newmap 10 set peer aaa.bbb.ccc.ddd.
crypto map newmap 10 set transform-set myset
crypto ipsec transform-set myset esp-des esp-md5-hmac

What could be wrong?

Policy NAT is possible, not policy NAT with IPsec though.

@tunge2:

I can send you config for pfS and shrew client if you like to.
Is it posible to get the config files? Is there a howto for Shrew VPN client/PFsense…...

Ah! Red line is the question.
Yes, it is posible. No, there is not specific one for Shrew (or I couldn't find one) but I can write one when I get some free time.
Send mi perosnal mesage with your e-mail and I will send config to you ASAP.

Sasa

@eskild:

Pointy-hat to me.

indeed.  ;D  good catch

I opened a ticket on this issue.

The IPSEC pass through stopped after upgrading to the latest build.  At the latest build area.  It was working.  I do have multiple vpn tunnels as well.  they have stopped working both ways.  If I turn on the option on the firewall on the rules tab.  The firewall reboots every 5 five minutes.

The passthrough just stopped when I upgraded  to the latest snapshot.  I saw a huge improvement in perfrormance plus multi-processor (Pentium-D).