@djno:

I will check the GreenBow settings. And I'm connecting to the CARP IP.
The failover IPsec settings look good, well at least when I switch off the main fw, the backup fw creates also the IPsec tunnel (VPN always up)
Thank you for the hint concerning "prefer older SAs"

I know that the IPsec traffic cannot be filtered but  I still don't understand the following line in the IPsec logs

racoon: INFO: Update the generated policy : 192.168.1.34/32[0] 192.168.2.0/24[0] proto=any dir=in

I am also getting this problem, it would seem that the rules are not being generated and applied properly for on the fly (road warrior) connections.  Since "static" vpn's have the subnets etc setup from the get go I'm not surprised that they work with no error.

I have tried :-
TauVPN 0.36 0.36 0.40
The Green Bow 2.5.1.008

and all result in the same error in the ipsec logs.

Sadly I'm poking arround on the cmd line is my limit (and i could not find ipsec.conf to "setkey" it).

beta1 is more than 1 month old. though I don't recall problems with ipsec and beta1 I would suggest trying the latest snapshot embedded build found here: http://pfsense.com/~sullrich/1.0-BETA1-TESTING-SNAPSHOT-2-2-06/pfSense.img

Ah, that makes sense… and actually that sounds pretty excellent :)

do you have a how to of how i did this?

Phase one fails for some reason. I guess you have static IPs on WAN so just try the IP-Adresses as identifier. fqdn only works if they are configured on the other end correctly. I can confirm that m0n0-pfsense-tunnels are working without issues. Already tested that.

@ZGamer:

What I am thinking of attempting to do is setup pfsense as the vpn-client to a remote network, but not running in a site-to-site link in the traditional sense where I could like to be able to enter a username/password combination to establish the vpn-tunnel instead of a RSA sig or pre-shared key. Anyway that this could be possible?

not at this time.

you need to setup a site-to-site vpn connection on the nokia box with a pre-shared key for it to work.

It would be appreciated if you record a tutorial for our tutorials section. It's nearly the same like shooting screenshots with wink but you add some descriptions on top of it instead placing them between the shots in the text. You find examples and info about wink at our tutorials section: http://pfsense.com/index.php?id=36

Have a look at the Links section of the main website, then look for the How-to link on  details about TauVPN.

Links added! Thank you for the suggestions. It was time to rework that page anyway  ;) I as well added some other things.

http://pfsense.com/index.php?id=33