• IPSec tunnel dropping traffic

    1
    0 Votes
    1 Posts
    739 Views
    No one has replied
  • 0 Votes
    2 Posts
    1k Views
    jimpJ

    In cases when there is a subnet conflict on both sides with a VPN, both sides must perform NAT+IPsec, but this is different since it's the LAN on one side and WAN on the other. Unless S1 needs to talk to S3A you only need NAT on the S1 side.

    You don't need to set up port forwards and other things, just on that particular IPsec Phase 2 you need to set up a NAT subnet.

    S1 would NAT its 192.168.10.0/24 to, say, 10.10.1.0/24. On S1 in the IPsec Phase 2 settings for the tunnel to S3, just put that in the NAT/BINAT option.

    To reach 192.168.10.1 at S1, a client at S3 would instead contact 10.10.1.1 for example.

    Unless there is some other quirk I'm forgetting with the WAN side at S3, that should be OK.

  • IPSec/L2TP with pfSense 2.2

    Locked
    118
    0 Votes
    118 Posts
    112k Views
    jimpJ

    There isn't a good way to represent L2TP/IPsec in the IPsec wizard. The IPsec side has no knowledge of the username, that's in L2TP not IPsec.

    Anything done with L2TP/IPsec is likely a wasted effort. IKEv2 is so much easier and smoother, it's just not worth the headache to keep pounding away at L2TP/IPsec when it's not going to work right in most cases.

  • MultiWan and IPsec

    1
    0 Votes
    1 Posts
    1k Views
    No one has replied
  • VPN IPSEC Client Windows TO PFSENSE

    1
    0 Votes
    1 Posts
    1k Views
    No one has replied
  • IPSec unstable since upgrade to 2.2

    Locked
    46
    0 Votes
    46 Posts
    13k Views
    C

    The issue in this thread was solved several versions ago, you're not having the same issue. Please start a new thread describing what you're seeing.

  • IPSec service dies when SWAP is filled/recovered

    4
    0 Votes
    4 Posts
    865 Views
    D

    I have the same issue, rebooting once a day seems to be the only decent fix for now  :-\

  • SIP to fritzbox outside remote tunnel

    1
    0 Votes
    1 Posts
    596 Views
    No one has replied
  • Charon crashing

    15
    0 Votes
    15 Posts
    3k Views
    G

    I'm having similar issues.

    https://forum.pfsense.org/index.php?topic=100779.0

    I've just updated to the latest 2.2.5 as advised here.

    See if it helps. The loading of diag_ipsec.php still needs some time.

  • VPN overview not working properly

    2
    0 Votes
    2 Posts
    975 Views
    G

    Seems to be linked to this problem

    https://forum.pfsense.org/index.php?topic=99604.0

    I've updated to the latest 2.2.5 Version today.

    Report back how it goes

    UPDATE:

    Seems to have done the charm.
    Issue that I have left, is that the SAD tab is flooded with entries. Most of them coming from the same IP.

    Is there a way to manually clear all of them?

  • Packets Not Being Decrypted ("could not decrypt payloads")

    5
    0 Votes
    5 Posts
    7k Views
    D

    Will be going back to the drawing board. Looking at having the following VirtualBox VMs running on a single PC (via a single NIC):

    VPN Server 1 - Bridged Networking interface, Internal Network interface (site1)

    VPN Client 1 - Internal Network interface (site1)

    VPN Server 2 - Bridged Networking interface, Internal Network interface (site2)

    VPN Client 2 - Internal Network interface (site2)

  • Failover IPSec configuration

    2
    0 Votes
    2 Posts
    1k Views
    D

    I have a new status here:

    For some reason, the ipsec connection is now established via the backup link.
    In general, that is exactly what I want - but it seems that there is no return to the primary gateway.
    Both gateways are online now, but the IPsec connection is still established via the backup link.

    It would be really helpful if someone could explain the behaviour of pfSense in detail,
    I guess I do not have enough information to understand that behaviour correctly.

    BR, Nils

  • Switching to IPsec

    14
    0 Votes
    14 Posts
    4k Views
    K

    BlueKobold, thanks for the reply. I would rather use the built-in VPN that comes with Windows. I was considering OpenVPN, but because I would need to download the client I went to IPsec. I just ended up doing L2TP without IPsec. I'm going to wait until it's more stable. I could not find the 2.2.5, but as cmb stated it should work on 2.2.4, which is very odd because it shows that the client connects to IPsec, but on iOS it cannot navigate but is able to ping Google (maybe a DNS issue); then on Windows it cannot connect to L2TP but IPsec shows connected, which was behind NAT, but without NAT it works but cannot navigate. So long story short, I'm not sure how people have it working, or maybe they use the Shrewsoft VPN client, or most of the people use OpenVPN.

    Thanks again

  • Ipsec errors for multi office vpn

    2
    0 Votes
    2 Posts
    822 Views
    C

    https://doc.pfsense.org/index.php/IPsec_Troubleshooting#Send_Errors

  • Using pfSense as an IPSec client (Mutual PSK + Xauth)

    3
    0 Votes
    3 Posts
    1k Views
    mclabornM

    Bummer. That would be a useful feature for me.

  • Random IPsec error

    3
    0 Votes
    3 Posts
    1k Views
    C

    The issues people have with Squid are generally it not starting because of PBI problems. If it runs, you're not having the same issue.

    kern.ipc.nmbufs is different from nmbclusters. You might need to bump kern.ipc.nmbufs separately in that case. Run 'sysctl kern.ipc.nmbufs', what's that set to?

  • Reproducible kernel panic with pfSense 2.2 and IPSEC

    52
    0 Votes
    52 Posts
    19k Views
    jimpJ

    If that's the case then it's definitely not the same problem and you should start a new thread, and try to capture the panic message/backtrace if possible.

  • *SOLVED* pfSense to Openswan 2.6 IPSec

    1
    0 Votes
    1 Posts
    3k Views
    No one has replied
  • Setting up L2TP/IPSec PSK server in latest versions of pfSense?

    2
    0 Votes
    2 Posts
    1k Views
    R

    Nothing?

  • *SOLVED* Site to Site IPSec

    1
    0 Votes
    1 Posts
    1k Views
    No one has replied
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.