I solved the problem. After installing the patch, I added Pre Shared Key on the IPsec side and the problem was resolved.

@mr_jinx bro is that possible to installed pfsense server via vmware workstation?

hi all can i ask if is that possible when you used ipsec vpn in pfsense . im using vmware workstation in my laptop. when i tried to connect to another pfsense which is located to another site it doesn't work for me please help My laptop connect to isp then i installed vmware workstation at my laptop then setup pfsense server.

https://forum.netgate.com/topic/144614/mobile-clients-with-otp Last post.

@cre8toruk I'm having a similar issue with 2 different sites with a 5100 and 7100. They're both on the same ISP, and a tech there has indicated there's a firmware glitch with the modems affecting VPN / VoIP traffic... Everthing else works, pings through vpn, vpn doesn't drop, internet slows down a lot - but still up. SMB and Domain Auth seems to be affected the most. Reseting the modem seems to fix the issue for a while, but then it'll stop working for SMB shares usually some random time later. Have you had any luck finding your issue?

@barronc Yes but they look like log spam that would do nothing to help solve a problem at "normal" layers. I troubleshoot IPsec on pfSense all day every day and the aforementioned log settings give me everything I need.

@gonecamping I am a flipping idiot. ;-) If I put the WAN IP as the NAT/BINAT address and then LAN as the local network, it worked. P2 still works and traffic flows from LAN to our customer network.

I did mistake when i was doing the packet capture and i realized that too late, anyway when i capture more the 100 packets (default) i see ISAKMP and ESP under WAN. Now the only question is why the rule for matching IPSEC is not working on the WAN, or precisely why it is not matching UDP 500 or UDP 4500 or ESP. Is there anything that could prevent that?

I was able to work around this by utilizing a VTI tunnel instead, using that VTI as default gateway, in parallel with static route for 192.168.0.0/24 to head to home router. Bi-directions firewall rules allowing WAN/LAN traffic.

...adding that I now see the same "query policy ... in failed..." messages for working VTI tunnels, so that message may be a red herring as far as this issue.

@jimp I don't know about the ID, I have used the same config long time and it was was made following the netgate/pfsense guide how to setup ipsec. It's working now after clearing and re-enter the config :) Thank you for taking your time to answer