• newbie IPSEC client to network setup

    2
    0 Votes
    2 Posts
    417 Views
    planedrop

    Netgate's official documentation for pfSense is the place to start, they have tons of configuration examples that go over things like this.

    However, it's worth noting that it may be easier to set up (and more importantly, easier to set up securely) WireGuard instead of IPsec for this use case, I use WireGuard for remote access and it's been basically perfect.

    The big thing with IPsec is that it's really complex, overly so (and this is coming from someone who knows the ins and outs of IPsec very well and has set up an absolute ton of VPNs with it); so it can be hard to get working if you're new to it and even harder to make properly secure, so if you go the IPsec route make sure you really understand it and be thorough, it's easy to make a big mistake.

    But again, I'd first encourage using WireGuard for remote access VPNs, unless you need to manage things at scale or have a reason to use IPsec, it would be my choice, I've even used it in corporate settings and it's been extremely reliable.

  • IPsec site-site with LE cert problem

    2
    0 Votes
    2 Posts
    457 Views
    LarryFahnoe

    This was a self-inflicted wound. Somehow I had inadvertently deleted the ISRG Root X1 CA cert. Importing the cert solved the problem. Obviously I should have paid more attention to what the log message was telling me!

    no issuer certificate found for "C=US, O=Let's Encrypt, CN=R3" issuer is "C=US, O=Internet Security Research Group, CN=ISRG Root X1"

    --Larry

  • Site to site IPsec suspect not passing TCP traffic

    12
    0 Votes
    12 Posts
    2k Views
    T

    Hello All,

    I am having exactly the same issue but when I enable or disable this check box at VPN IPSec Advanced I am still not able to use ssh or http/https. Any other ideas?

    Thank you in advance.

  • IPSec hundreds of child SAs

    9
    0 Votes
    9 Posts
    2k Views
    S

    @mcury Thank you, I'll go through that page and see if anything helps.

    I appreciate it!

  • IPSec tunnel questions

    4
    0 Votes
    4 Posts
    693 Views
    V

    @freddy550
    No. Your IPSec configuration has to be aware of the NAT, otherwise it will not connect.

    Imagine, the remote site is 192.168.20.0/24 and it is natted to 10.227.56.0/24. So your phase 2 has to use 10.227.56.0/24 as remote network to connect to.

  • VPN IPSEC Very Slow

    9
    0 Votes
    9 Posts
    1k Views
    C

    @NOCling Greetings, thank you very much for the tip, I will test it and report it here, thank you very much

  • IPSec Tunnel Between ZyXel & PfSense Stopped Working...

    1
    0 Votes
    1 Posts
    189 Views
    No one has replied
  • IPSec disable

    2
    0 Votes
    2 Posts
    762 Views
    N

    Hello,
    I found the solution myself.
    I went into the configuration of phase 1 of my tunnel and once the configuration was saved I had the button at the top right to launch the service.

  • IPSEC pfSense - fortigate

    1
    0 Votes
    1 Posts
    343 Views
    No one has replied
  • Mobile Client IPSec from LAN2 to LAN

    1
    0 Votes
    1 Posts
    220 Views
    No one has replied
  • IPSec Auto-exclude LAN address checkbox self-enabling

    1
    0 Votes
    1 Posts
    342 Views
    No one has replied
  • Bind IPSEC Mobile client on two interfaces (IPv4 & IPv6)

    1
    0 Votes
    1 Posts
    163 Views
    No one has replied
  • IPSec - Site to Site - IPv4 over IPv6 Tunnel

    2
    0 Votes
    2 Posts
    356 Views
    L

    So I can ping from the remote side to the local side but return packets don't get back and for some reason are routed normally (i.e., out to the internet/default route).
    Not sure why pfSense is routing packets incorrectly though unless I'm missing some setting.

  • Problem with NATed IPSec and CARP

    1
    0 Votes
    1 Posts
    175 Views
    No one has replied
  • Tunnel GRE over ipsec between pfsense and cisco

    1
    0 Votes
    1 Posts
    154 Views
    No one has replied
  • Can't get IPSEC to connect, been trying for days.

    8
    0 Votes
    8 Posts
    44k Views
    M

    Laughs! A post from 4 years ago managed to get me out of a problem I was having. Thank you very much! 😊

  • Alias for subnets in P2

    1
    0 Votes
    1 Posts
    160 Views
    No one has replied
  • Static routes ignored with the IPsec interface

    1
    0 Votes
    1 Posts
    260 Views
    No one has replied
  • What's the point of the Pre-Shared Keys section?

    3
    0 Votes
    3 Posts
    451 Views
    rcfa

    @jimp OK, thanks, makes sense.

    But it might be helpful to do either of these two things:

    - allow the use of PSKs defined there in regular IPSec configurations
    - rename the tab to something like "Mobile Pre-Shared Keys" or something similar, that makes it clear that these are not intended to be used for regular IPSec setups

    because otherwise, it's a bit confusing...

  • Forward some internet traffic (not all traffic) over ipsec tunnel

    2
    0 Votes
    2 Posts
    225 Views
    V

    @delphi5
    This depends on the tunnel mode you use. Is it policy-based or VTI?

    If it's policy-based you have to add a phase 2 for the clients on both sites.
    With VTI you should be able to policy route the traffic to the remote site.

Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.