Unfortunately not an uncommon issue with cable, and tends to be difficult to get the cable company to track down or even admit there's a problem. Glad you were able to get them to find and fix it.

nobody help me ??!!! i check every thing  and all setting is ok and tunnel connected bud traffic not pass from lan subnet to destination lan subnet from ipsec tunnel ! :P

Staff believe that is the problem: https://redmine.pfsense.org/issues/4504 Someone al uses version 2.2.2? it will not downgrade to version 2.1.5 Thz.

After much trial and error, I'm finally able to get L2TP/IPsec and IKEv2 working (separately, not at the same time) . However, at this time it seems I need to make a decision. My VPN needs to support both Windows & Apple devices. Some of the Windows devices (i.e. tablets) don't have third-party client software available to support straight IPsec VPN. (this means OpenVPN is also not an option) The choices are: Support only iDevices using L2TP/IPsec* Support only Windows devices using IKEv2* Unless someone can point me to documentation explaining how to support both protocols at once. StrongSwan has an OS X client that is supposed to provide IKEv2 connectivity. However, there is zero documentation, and the GUI completely non-intuitive.

I have similar issues - so far been total catatrophe when changed to StongSwan! I have anything good to say about this change. Racoon worked fine but it has it's known limitations. We have now also problems with pure site-to-site vpn too where packets just stops flow ( that will be covered othe thread)

The root cause of that issue is https://redmine.pfsense.org/issues/4538 which is fixed for 2.2.2.

That's been brought back for 2.2.2. Snapshots are available @ https://snapshots.pfsense.org. That'll be release soon, but is fine to try now if you need this right away.

https://doc.pfsense.org/index.php/IPsec_Troubleshooting

This https://forum.pfsense.org/index.php?topic=91627.0 seems to solve it.

Hi charlien, does your issue look like this? https://forum.pfsense.org/index.php?topic=91020.0 Many Phase II tunnels for only a single SA? Phase I established? No data went through?

With the new Fritzbox 7490 it works. Thanks!

I was able to fix the issue by removing virtual network adapter for VM in hyper-v and add new one. After that all works. For some reason OPT1 was using difference MAC address than virtual NIC assigned in hyper-v. All is good now and working correctly.

If you're sure the tunnel gets build in the right manner then only the rules pls! Can u post a detail from you p1 en p2! Don't forget to blank out passwords/keys etc! Also your rules from f1 and f2 pls? Or replace your internal addresses if you don't wanna show these! (or pm me? I'm in GMT+2)

thx! Thought so, but wasn't sure!

OP's logs show 192.168.25.201 as an identifier, so I'm sure that's this: https://doc.pfsense.org/index.php/Upgrade_Guide#Stricter_Phase_1_Identifier_Validation @mooboynyc: IDir 'myhost.mydomain.com' does not match to 'XX.YY.ZZ.WWW' To resolve, I edited the IPsec configuration.  Under "Phase 1 proposal (Authentication)", change the "Peer Identifier" from "Peer IP Address" to "Distinguished Name" and enter the dynamic DNS name of the remote end.  I was able to establish a connection after this single change. Ditto for that. It was mismatched to begin with, racoon would just fall back to the IP if the identifier didn't match and try that, hiding the fact things weren't actually correctly configured.

Dear all I have solved my problem… just follow this instructions: https://forum.pfsense.org/index.php?topic=57104.0 Thank you