• Upgrade to 2.2.4 -> The VPN Shared Secret is incorrect

    0 Votes
    18 Posts
    9k Views

    @cmb:

    @juniper80:

    I had the same issue (Update from 2.1 -> 2.2.4, IPsec Phase1 keeps failing)

    I can confirm, this worked for me as well….

    With iOS and/or OS X mobile clients?

    For me this solved the issue on Windows with Shrewsoft VPN Client.

  • IPsec and NAT - pfsense 2.2.4 - both Outbound and Port Forward

    0 Votes
    1 Posts
    1k Views
    No one has replied
  • MOVED: Access to external service using the IPsec tunnel

    Locked
    0 Votes
    1 Posts
    426 Views
    No one has replied
  • PfSense virtual appliance in AWS connecting to client's Juniper IPSec

    0 Votes
    1 Posts
    667 Views
    No one has replied
  • Access vpn tunnel with valid ip

    0 Votes
    1 Posts
    544 Views
    No one has replied
  • IKEv1 aggressive mode with PSK fails on 2.2.4

    0 Votes
    9 Posts
    5k Views

    Hello Chris,

    I used web gui for configuration on latest beta firmware (6.21), they had some issues on 6.20 with ssl connections.

    Cheers,
    Tomek

  • Pfsense 2.2.4 rekey issues

    0 Votes
    9 Posts
    3k Views

    Yeah, you can switch the Drayteks to "Dial out only" and "always on". This is the setup that always worked for us.

    On the problematic sites I switched to dial in AND out, so it's initiated when someone starts working at the site. But that does not really help. After 7,5 hours the pfsense initiates the reconnect and the Draytek shows that it's still connected.

    The workaround at the time is to put up the phase 2 lifetime to 12 hours. So the problem occurs, when nobody is working.

  • Android 2 device does Wi-fi. Can't L2TP/Ipsec.

    0 Votes
    1 Posts
    546 Views
    No one has replied
  • 2x Phase 2 not steady

    0 Votes
    3 Posts
    959 Views

    Is there a reason you're forcing NAT-T? That shouldn't be necessary and could be the reason if you're in a circumstance where NAT-T isn't required.

  • IKEv2 / Multiple Phase 2 issue

    0 Votes
    2 Posts
    2k Views

    Sonicwall has the same bug/lacking feature as Cisco ASAs with IKEv2 there.
    https://redmine.pfsense.org/issues/4704

  • Todo #4841

    0 Votes
    1 Posts
    512 Views
    No one has replied
  • NAT/Route before IPSEC from my LAN

    Locked
    0 Votes
    4 Posts
    1k Views
    jimp

    @jameswhite:

    Is this still the case in 2015?

    NAT+IPsec has been integrated and working since 2.1-RELEASE, so if you are on a current firmware, you can do NAT+IPsec on the Phase 2 options. If you need help, please start a new thread.

  • 0 Votes
    8 Posts
    1k Views
    Derelict

    Have you tried the client export package for pfSense?

    This is all I could find but it's for 2.0.1:

    https://forum.pfsense.org/index.php?topic=56513.0

    I don't see how it's possible to assign a static IP to an IPsec mobile user unless there's something buried in the RADIUS code that does it.

  • L2TP over IPSec tutorial for connecting with Android?

    0 Votes
    1 Posts
    805 Views
    No one has replied
  • Multiple road warrior configurations

    0 Votes
    2 Posts
    776 Views

    Not ATM.

  • Solved: No traffic through VPN

    0 Votes
    2 Posts
    745 Views

    It was a plain and simple routing problem on the client PC.
    As soon as I added the route;

    route -p add 10.0.0.0 mask 255.0.0.0 192.168.1.1

    It works like a charm now!

  • Help with IPSEC setup mobile client IOS

    0 Votes
    5 Posts
    1k Views

    @gazoo:

    that's the iphone doing aggressive, i've got the server set for main.

    Your server needs to match your client.

    P1: IKEv1 aggressive, mutual PSK + XAuth, local ID IP address, peer ID user DN, AES256 SHA1 DH group 2.
    P2: Tunnel mode, local network 0.0.0.0/0, AES256 SHA1 no PFS

  • Memory Consumption IPSEC-Daemon

    0 Votes
    2 Posts
    808 Views

    https://forum.pfsense.org/index.php?topic=96767.0

  • [solved] Phase2 Negotiation fails "traffic selectors *** inacceptable"

    0 Votes
    6 Posts
    20k Views

    Took some time but it stays as reported. The error never occurred again. But I have witnessed it on ALL my connections in question. Those were at least ~35 connections between ~5 Pfsense installations in question so I did not make this reportings out of the blue. Clueless on what may have stopped it - rebooting? Saving general-IPSEC config for the first time after Upgrade setting some crucial param for strongswan?

    Anyway the process of Upgrading is now done and all connections are now on IKEv2 which feels much smoother now. Everything works great. Monitoring shows a total of 324 Connections between 18 Boxes all happily connected all week long with 0 downtime  ::). I wrote myself a script for compiling the Configs this time which really speeded things up  8).

    I still encountered another minor issue but will make some extra thread…

    Regards and thanks again

  • IKEv2 + Client Certs + Radius possible?

    0 Votes
    2 Posts
    865 Views
    jimp

    At the moment I don't believe that is possible. Last I saw, the code for IKEv2 with EAP in strongSwan only worked with users entered directly into the Pre-Shared Keys tab on IPsec.

    It's something we'd like to see working eventually though.

Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.