Hi Did you have any luck with this? I am having the same trouble with a SSG20.

Your P2s to the remote sites, and the mobile clients, must include the remote networks and the mobile IPsec network.

The section you're referring to is for site to site VPNs. Those either require a hostname or IP for the remote. For mobile clients, you want mobile IPsec which is separate.

What do your IPsec logs show for that connection?

Only way a VPN can be disabled is an admin going in and checking that box. Go to Diag>Backup/restore, config history tab, and you'll be able to find who did it assuming it wasn't a bunch of revisions in the past.

Hi, I have the same scenario, but my IPSEC tunnel is not working, bernikm can you help me posting your config? Thanks

Hi, did you find any suitable solution to your issue? I think I'm in the same situation (please see my post "Failover not working" in the IPSEC section), but since Ssptember I have not a single comment.  :(

Hi, did you find any suitable solution to your issue? I think I'm in the same situation (please see my post "Failover not working" in the IPSEC section), but since Ssptember I have not a single comment.  :( It seems nobody knows about this problem, except we two.

Ok, problem solved. How I missed it, I don't know, but the problem was DNS. I forgot to add UDP to the IPSec rule on the firewall. Doh!  :-[

It's exactly like a normal site-to-site IPsec setup, but the dynamic site needs a DynDNS host setup, and the other end uses that for the remote peer address.

I have the same problem. I haved stablished the tunnel, and from pfsense the ping return. I have presented a different network to mine. but not how to do NAT. Can you give an example? Please example my configuration Phase 2 Local network (UP) 192.168.1.2/32 local network nat (down) 10.0.0.2/32 remote network 10.22.0.0/20 Thanks,

@starkiller:         my_identifier keyid tag "VPN";         peers_identifier keyid tag "VPN"; I know this a reply to an old post but I think the my_Identifier KeyID tag should be different to the peers_Identifier KeyID tag.

I think I am having the same problem. I added a second WAN (ATT) and changed the default gateway to the new ISP (ATT) and modified the rule for ipsec to use the SONIC gateway. When the default is set to ATT mobile IPSEC fails. When the default is set to SONIC it has no issues.

Check at Untangle, must be something block IPSec tunnel to establish

This morning's results. Remember, this is a real-world network, not a lab situation. (So fun to watch…)  

Look a this one, Following my actual setup and the basic setup you want to achieve (lan gaming), it should work fine. Be aware of well understanding subnets and what "using a different subnet" for mobile clients means" If you'r using the default 192.168.0.1 configuration and the subnet mask is 255.255.255.0, using 192.168.4.1 IS NOT A VALID DIFFERENT SUBNET. you can have a look at my actual personnal config in this post:  https://forum.pfsense.org/index.php?topic=83781.0 my second post show print screens of a "partially working" config (you will understand if you read it all). Zikmen