  • 23.09 Update and IPSec operation

    1 Votes
    7 Posts
    804 Views

    Confirmed this is fixed in 23.09.1-RELEASE

  • VPN on MAC issue vs. Windows Machines

    0 Votes
    1 Posts
    230 Views
    No one has replied
  • EAP-MSCHAPv2 Ubuntu Client Issues.

    0 Votes
    1 Posts
    237 Views
    No one has replied
  • Weird encrypted traffic (HTTPS) issue over IPSec

    0 Votes
    8 Posts
    776 Views

    @keyser let me start by saying that I appreciate the time you're putting into this. Right now, it's just a matter of curiosity, but it bugs me to the core as I don't know why it needs MSS clamping all of a sudden.
    Now, I've run the test and captured the packets (see the attached pcap files), but I am unable to determine why it's working / not working. I've included two pcaps, one with the non-working HTTPS connection, one with the working one. From my point of view (I'm sure I'm missing something), it doesn't look like an issue. I don't know why there are all the retransmissions in the non-working one, but as I said, I'm probably missing something.

    P.S. 10.41.199.205 is the HTTPS server, 172.31.254.251 is the client.

    Thank you.
    working.pcap non-working.pcap

  • Connecting two 192.168.5.0/24 networks with NAT on both sides

    0 Votes
    7 Posts
    633 Views

    SNAT and DNAT are all you need here. Either site won't know the real IP, but that's OK; obviously you will keep track, but that's all that's needed here to get around the overlap.

  • Ipsec with Ipv6

    0 Votes
    1 Posts
    179 Views
    No one has replied
  • IPSec strange problem

    0 Votes
    2 Posts
    378 Views

    Some update on this: on the A side there are other networks attached over OVPN, still in shared key mode... So from site B I can reach ALL(!) other networks fine, independent of the gateway I use... Only the locally attached networks of site A have a problem from side B if I go through the second WAN line.. Does anyone have any idea on how to trace the problem?

  • 1 Votes
    12 Posts
    2k Views
    JonathanLee

    My android will not even connect to even external AP WiFi in 23.09. Other devices connect just fine.

  • 0 Votes
    4 Posts
    1k Views
    periko

    @anthony-breen If you are trying to work with another brand, add more algorithms in phase 1 and phase 2; if you don't have the doc where you can see what algorithms it needs, you need to do reverse engineering. Add more, maybe it is searching for less secure algorithms.

    The only issue is that if you are on pfSense 2.7.x and they request less secure algorithms, you will not be able to make it work.


  • IPSec Status on Dashboard Incorrect.

    0 Votes
    1 Posts
    168 Views
    No one has replied
  • Mobile clients keep alive?

    0 Votes
    1 Posts
    260 Views
    No one has replied
  • 2 separate phase1 tunnels to same remote IP

    0 Votes
    2 Posts
    375 Views
    periko

    @dsmoljan not possible, I ask the same!!!

  • Create Interface for IPSec connection

    0 Votes
    2 Posts
    210 Views
    No one has replied
  • pfSense to WatchGuard Firebox IPSec VPN

    0 Votes
    1 Posts
    154 Views
    No one has replied
  • IPSEC with remote hosts with same Peer identifier

    0 Votes
    1 Posts
    215 Views
    No one has replied
  • IPSEC Mobile setup, cannot have more than one configuration.

    0 Votes
    3 Posts
    374 Views
    periko

    @keyser it is a shame, but well, it is a feature that will be great to have.
    Anyway, thanks for your info!!!

  • Question about IPSEC site to site with Wireguard

    0 Votes
    3 Posts
    562 Views

    @periko hi, thanks for the reply, I ended up just putting in the IP of the FortiGate WAN IP and NAT

  • 0 Votes
    5 Posts
    521 Views

    Got it, so it is not a must to have this for reaching the other side's computers :)

  • IPsec: Remote Access to Multi Site to Site.

    0 Votes
    7 Posts
    683 Views

    @HKFEVER

    Confused.

    Remote client's subnet is 192.168.5.0/24

    Site B IP is 28.37.35.162, subnet is 192.168.2.0/24:
    Tunnel B <-> C:
    P1 is connected to Remote Gateway 38.37.35.162
    P2 is connected to Remote Gateway's network 192.168.3.0/24 (this is Site A's subnet)
    For the additional 2nd P2, what network should I put in?

    Tunnel B <-> A:
    P1 is connected to Remote Gateway 18.37.35.162
    P2 is connected to Remote Gateway's network 192.168.1.0/24 (this is Site A's subnet)
    For the additional 2nd P2, what network should I put in?

    Site A IP 18.37.35.162, subnet is 192.168.1.0/24:
    Tunnel A <-> B:
    P1 is connected to Remote Gateway 28.37.35.162
    P2 is connected to Remote Gateway's network 192.168.2.0/24 (this is Site A's subnet)
    For the additional 2nd P2, what network should I put in?

    Site C IP 38.37.35.162, subnet is 192.168.3.0/24:
    Tunnel C <-> B:
    P1 is connected to Remote Gateway 28.37.35.162
    P2 is connected to Remote Gateway's network 192.168.2.0/24 (this is Site A's subnet)
    For the additional 2nd P2, what network should I put in?

  • IPsec Logging levels can no longer be changed..

    0 Votes
    7 Posts
    525 Views
    jimp

    @keyser said in IPsec Logging levels can no longer be changed..:

    @jimp Hi Jimp, thanks for the insight and analysis. Will there be a patch for this in the patch tool?

    Yes, eventually, might be next week or later, but you can add in a manual entry now (copy/paste that diff above) and apply it now if you don't want to wait.

Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.