• Pfsense 2.3.2 VPN to FritzBox 7490 06.60

    8
    0 Votes
    8 Posts
    12k Views
    C
    Hi guys, I have a similar problem: connection is active but traffic exchange is impossible. How do you want to configure PfSense for traffic exchange? Thx
  • IPSec fails with "no shared key found for '%any'"

    2
    0 Votes
    2 Posts
    12k Views
    J
    I fixed this by switching the remote Peer ID to something other than Key ID; I used Distinguished Name and set it to the dynamic DNS hostname for the remote site
  • Add Ipsec Road warriors idle timeout

    1
    0 Votes
    1 Posts
    474 Views
    No one has replied
  • IPSEC initiator - automatically re establish connection. ?

    2
    0 Votes
    2 Posts
    754 Views
    W
    Hello, I'm a newbie on pfSense but I had the same question! I mocked up a platform for a client and when I practice an interruption, the VPN IPSec doesn't go back up. Did you find a solution? Regards, W.
  • [SOLVED] Connect to IPsec from local WLAN

    4
    0 Votes
    4 Posts
    6k Views
    P
    Hello Stefani, I have the same issue as you have seen in https://forum.pfsense.org/index.php?topic=126332.0 My question: did you resolve the issue? For me it is not really clear whether you can connect from internal LAN now? Thanks, Perino
  • 0 Votes
    3 Posts
    832 Views
    R
    @jecrabtree: What rules are assigned in IPSEC on both sides? On the Meraki side I just put in the PSK and the subnet that would be on this side.  This tunnel worked to a previous Meraki box and to a watchguard box. I matched up the IPSec settings and my SPDs look good.  Just no traffic flows.
  • 0 Votes
    1 Posts
    695 Views
    No one has replied
  • IPSEC NAT/Binat with routed subnets not Natting or passing traffic

    Locked
    3
    0 Votes
    3 Posts
    1k Views
    J
    Got it solved. Ended up being a configuration in the Traffic Shaper. I had HFSC configured on all the interfaces. However, after adding the new interface I did not copy the settings into the new interface. I clicked the remove shaper and the second that happened all traffic was flowing correctly. I then did the Multi all wizard and at that time it wouldn't complete without throwing an error about a speed mismatch. This particular interface is 100MB however the WAN interface has a lot more. This was the only thing I could see as the issue. After some TLC the shaper is back in without errors and traffic is still flowing. I have seen this before on other HFSC implementations, either from an interface being added, or an upgrade causing traffic to just stop being passed; even if the rule has no queues being set the matched traffic just doesn't work. Anyway. If you're reading this and have HFSC set up and are seeing a similar issue, go ahead and remove it to see if that corrects it. You'll likely find the issue when you attempt to run the wizard again as it will likely not complete and load the rules without an error, at least in my case that was it. As for the setup: there is a LAN Core onsite at the main office that detours specific matching traffic to the P2P Core that is in a rack at a datacenter offsite. That P2P core will either send the traffic to one of the multiple sites or to the interface on the PFSENSE FW in the datacenter. This was the FW we experienced the problem from. (Cores are Layer 3 switches performing routing functions for sites or inter-VLAN traffic)
  • IPSec connection attempt isn't blocked.

    3
    0 Votes
    3 Posts
    727 Views
    P
    @zMaliz: Why doesn't this stop the connections ? Because when configuring a VPN, hidden firewall rules are automatically added to allow the corresponding traffic in. I would assume that you allow mobile clients in as then the source address of the above mentioned hidden rules is set to any. You could disable these VPN rules from being automatically created (System, Advanced, Firewall and NAT, Disable Auto-added VPN rules) but then you'd have to manually add your own rules on the WAN interface to allow the legitimate IPsec traffic.
  • Cant connect to internet via IPSEC

    1
    0 Votes
    1 Posts
    472 Views
    No one has replied
  • IPSec VPN connection from internal LAN

    2
    0 Votes
    2 Posts
    1k Views
    S
    I've got the same issue: https://forum.pfsense.org/index.php?topic=123650.0 So far no solution found.
  • Blackhole Remote Network addresses if tunnel is down

    3
    0 Votes
    3 Posts
    2k Views
    J
    That is a sweet solution, thank you! I searched the pfSense Book earlier for Egress filtering, thinking I could filter on outbound from an interface someplace, but didn't find it.  Didn't realize you could specify direction on Floating rules.  Thanks again!
  • Remotely access LAN with UDP autodiscover for media devices

    1
    0 Votes
    1 Posts
    513 Views
    No one has replied
  • Version 2.3 IPSec both sides

    7
    0 Votes
    7 Posts
    2k Views
    4
    I have the same no IKE error when I configured for CARP IPsec MSCHAPv2 for Win8/10 as seen in https://www.youtube.com/watch?v=xV1vEl4XAnw but did not change WAN IP for WAN CARP IP
  • Connecting to Cisco ASA - Dual WAN

    1
    0 Votes
    1 Posts
    598 Views
    No one has replied
  • MSChapV2 Authentication missing in 2.3.2/2.3.2

    2
    0 Votes
    2 Posts
    613 Views
    jimpJ
    You are looking at the wrong type of P1. EAP-MSCHAPv2 and other similar methods are only available for mobile IPsec, not for site-to-site P1s.
  • Windows 7 rekey fails always

    1
    0 Votes
    1 Posts
    484 Views
    No one has replied
  • Proper Setup for L2TP/IPSec using Synology NAS

    1
    0 Votes
    1 Posts
    791 Views
    No one has replied
  • PFSense-to-PFsense IPSec tunnel on network other than LAN?

    3
    0 Votes
    3 Posts
    2k Views
    J
    @Derelict: 1 = ADMIN - (192.168.2.1/24) 14 = ESXI - (192.168.2.14/24) 25 = VOIP - (192.168.2.25/24) 30 = DMZ - (192.168.2.30/24) What you say? LOL, no. That's a typo.. That would NOT work!  I've edited the original post to correct this.. the real address for those vlans is 2 = ADMIN - (192.168.222.0/24) 10 = LAN - (192.168.10.0/24) 11 = WORK - (192.168.11.0/24) 12 = REMOTE - (192.168.12.0/24) 14 = ESXI - (192.168.14.0/24) 25 = VOIP - (192.168.25.0/24) 30 = DMZ - (192.168.30.0/24) In a nutshell.. If I have my remote pfsense box IPSEC configured to use my LAN subnet, 192.168.10.0/24, and my LOCAL pfsense set to have his traffic come in on my lan subnet, vlan 10, everything works just peachy.. If I change the remote pfsense box to use a different subnet (say vlan 12 - 192.168.12.0/24), AND set my local pfsense box to have his traffic come in on vlan 12, it no workey..  Not one byte. Yes, I have rules that for now allow ALL traffic to pass from the interfaces I've been testing with, namely VLAN 10 and vlan 12 on my end, and his ipsec & lan interface on the remote side. I'd really like to figure this out! Thanks
  • Shrewsoft IPSEC with PFSense 2.3.2_1

    5
    0 Votes
    5 Posts
    2k Views
    C
    I had a working config but after one of the recent pfSense updates it's no more. I can ping IPs but not domain names
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.