• 0 Votes
    2 Posts
    892 Views
    bepo
    @marcos-lang Could you please provide screenshots from your configuration and the ipsec status pages? Especially from SAD/SPD etc?
    The use of public IP in NAT (I believe not)? > This should work without problems.
    The difference in size of Local "real" and NAT'ed networks? > If you want to NAT your Local Network into a single ip you have to choose NAT/BINAT Type "Address" and NOT Network/32.
    Should I use /24 on NAT'ed networks and create a 1:1 relation on both ends? > No
    Should I create a VIP with the NAT'ed IP of Local Subnet (172.140.50.2/32)? > No
    Should I create a static route for the NAT'ed IP of Remote Subnet (172.140.60.2/32)? > No. Routing is ignored for IPSec
  • Issue with VTI and IPSEC (1nd July Snapshot) IKEv2 & ESP

    2
    0 Votes
    2 Posts
    672 Views
    jimp
    Seems very close. All of mine show RUNNING though. Make sure you have followed the proper procedure to not only create the tunnel but to assign it for use. https://www.netgate.com/docs/pfsense/vpn/ipsec/ipsec-routed.html
  • 0 Votes
    2 Posts
    456 Views
    K
    Specifically: found 1 matching config, but none allows pre-shared key authentication using Aggressive Mode
    If my P1 entry is doing Aggressive with PSK for the "My IP address" and "Peer IP address" and it matches my proposals for hash and encryption...why can't it recognize my PSK?
  • IPsec VPN Not Passing Traffic for iPhones/Macs

    3
    0 Votes
    3 Posts
    1k Views
    D
    For anyone running into this problem, after much digging I found this is actually a problem with Rogers cellular service. You need to call Rogers in the interim and have them blacklist your IMEI from using IPv6. They are working on a more permanent fix...I opened a ticket and am currently waiting for them to blacklist mine but details are at this Rogers community thread. http://communityforums.rogers.com/t5/Network-Coverage/Issues-with-IKEv2-IPSec-VPN-on-Rogers-LTE-3G/td-p/419136/page/8 D
  • IPSEC VPN to Yamaha RTX-810 -- Some settings questions!

    2
    0 Votes
    2 Posts
    913 Views
    K
    I have found in the documentation that I should use "Any" rather than "any".
  • FW to FW IPSEC w/hardware AES failing

    1
    0 Votes
    1 Posts
    449 Views
    No one has replied
  • Not able to get tunnel up with Azure

    1
    0 Votes
    1 Posts
    372 Views
    No one has replied
  • IPSEC in Bridge Mode

    1
    0 Votes
    1 Posts
    559 Views
    No one has replied
  • chained ipsec tunnels and routing issues

    2
    0 Votes
    2 Posts
    479 Views
    jimp
    Every step needs P2 entries for every possible combination of traffic. On both sides of the tunnel from 1<->2, it needs P2s for 1-2 and 1-3. On both sides of the tunnel from 2<->3, it needs P2s for 2-3 and 1-3. Expanded a bit:
    Site 1 tunnel 1<->2 has P2s:
      Local 1 / Remote 2
      Local 1 / Remote 3
    Site 2 tunnel 2<->1 has P2s:
      Local 2 / Remote 1
      Local 3 / Remote 1
    Site 2 tunnel 2<->3 has P2s:
      Local 2 / Remote 3
      Local 1 / Remote 3
    Site 3 tunnel 3<->2 has P2s:
      Local 3 / Remote 2
      Local 3 / Remote 1
  • IPSec Status fill up with any any entries

    1
    0 Votes
    1 Posts
    399 Views
    No one has replied
  • IPsec tunnel mode with ASR

    1
    1
    0 Votes
    1 Posts
    531 Views
    No one has replied
  • Site-to-site ipSec - route for pfsense server itself?

    4
    0 Votes
    4 Posts
    845 Views
    R
    Thanks for the info! I am wanting to setup remote logging to a device on the VPN network. I'll check out the link :)
  • IPSEC or another technic

    1
    0 Votes
    1 Posts
    421 Views
    No one has replied
  • Tunnel is connected, but SMTP connections die.

    1
    0 Votes
    1 Posts
    496 Views
    No one has replied
  • 0 Votes
    1 Posts
    453 Views
    No one has replied
  • OSPF over IPsec without GRE

    6
    0 Votes
    6 Posts
    3k Views
    J
    Sweet thanks Jimp I am sure I speak for a few people that we look forward to this support and appreciate the efforts of yourself and your team.
  • Anything similar to Juniper's st interface?

    15
    0 Votes
    15 Posts
    4k Views
    jimp
    Support for routed IPsec/VTI is in 2.4.4 snapshots. It's still being tested but it's fairly solid at the moment with no major caveats that I'm aware of. https://redmine.pfsense.org/issues/8544
  • 0 Votes
    3 Posts
    874 Views
    M
    @jimp Thank you very much for the response! Looking forward to v2.4.4 being released :)
  • IPSEC identifier set to Distinguished name but it uses ANY

    1
    0 Votes
    1 Posts
    341 Views
    No one has replied
  • IPsec blocked In Egypt

    2
    0 Votes
    2 Posts
    871 Views
    Derelict
    Short of moving out of Egypt, probably not.
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.