the "pfSsh.php playback svc start racoon" works for me, if I execute it from shell (PuTTY from my pc) when I issue this command, I can see in the system log: "php: pfSsh.php: Forcefully reloading IPsec racoon daemon" and after 3-4 lost pings, it pings again. Can you post your script, because I have the same problem with ipsec, and trying to solve it. But I'm really rookie in scripting.  ::)

Thank you very much!  :)

Finally found the answer:  Set NAT Traversal to Force Thanks to Vorkbaard:  https://forum.pfsense.org/index.php?topic=46917.0

Dials out? If a VPN tunnel isn't up already, it is triggered by the traffic destined for the other site. You do need to have a known WAN address on your home router, either a static ip or a DDNS-updated hostname if you're on a dynamic ip (DHCP).

Right so I figured out why it was sometimes working and sometimes not. When I do confguration changes to ipsec - pfsense removes my static host route and replaces it with own. i.e after I do configuration changes to ipsec i have to: make a new static route delete the static route pfsense automatically added. In case of just restarting ipsec pfsense does not delete my static route i.e after restarting racoon i just need to purge the route pfsense added during the racoon restart. Ok workaround for my test setup, but it would be preferable if possible to define a gateway e.g. in the phase1 configuration. Cheers / Thor

Thanks breakaway for your reply. It looks like you are correct. The problem seems to be that racoon does not accept wildcards(ran racoon with verbose and debug in a terminal) regarding incoming connections when matching with the PSK(running PSK during tests). There is a simple patch for allowing wildcards, but once I compile it, it won't start on pfSense due to something missing. It looks like I will need to get a older FreeBSD that matches pfSense 2.1.4 and try to compile on that.

Performance depends on the CPU that it has available. Stability would be more up to the Sonicwall sides than pfSense. We've had people running 300+ tunnels on pfSense before without issue (I believe they were almost entirely Draytek routers on the other side). It's not a problem with pfSense in general, but might be with your specific implementation.

L2TP+IPsec is not officially supported yet. It will be supported in 2.2. I have made it work for Android before on 2.1.x but I don't recall the specifics. I think I at least edited out that input validation you hit.

Hi Seem to remember that i had this issue the first time i used Pfsense. Resolved by changing Phase 1 proposal, Negotiation mode to Main And Policy Generation to Unique Enable DPD I also noticed that you are using 3g connection, in Australia the providers commonly do not provide a routable IP on 3g connections, you must request an additional feature to get a routable IP. If the IP of the 3g device is not routable i have found the IPsec does not work properly. Hope this helps. regards markl