As per diagram above, I'm connecting from a remote client (192.168.1.0/24) to pfsense, which is on 192.168.0.0/24.

The router pfsense is behind is 192.168.0.2. Also, ipsec client will be 192.168.99.0/24.

Added a rule on that router (192.168.0.2) for anything 192.168.99.0/24 directs towards pfsense (192.168.0.110).

Still, the VPN client(192.168.1.137 or virtually 192.168.99.1) cannot access anything on the other side of the tunnel, nor can a PC on the 192.168.0.0/24 network ping the client. Only concerned about the former though.

Looks like it'll be a long weekend…

well, it seems that with openvpn, I dont have this issue.

I've tried with previous version of pFsense and i figure out following:
traffic from internal network to outside stop working when I add this static route, which has remote GRE ip address for gateway,
to explain it a bit more (ip addresses are not real in following example)

WAN on my side 193.2.2.116 (IPSEC)
GRE on my side 193.2.2.116

WAN on provider side 89.22.33.233 (IPSEC)
GRE on provider side 76.44.33.211

I'm having both ipsec and GRE on same FW, provider does not, so ipsec needs to be established first for GRE to work

problem here is that as soon as I enter this static route like

10.20.40.64/27 via 76.44.33.211 (remote GRE) on my pfSense firewall

my default GW is not reachable anymore, so DNS queries, ntp, browsing etc … is impossible from internal side.
traffic from outside still works, ipsec and GRE are up, but's it's really annoying, I can't even update my windows server behind pfSense,

any ideas, anyone?

No ideas?  I just need some pointers on what to check.  So far I've come up empty.

It seems to be related to:
https://redmine.pfsense.org/issues/3321

Hi, I have found the SOLUTION to the problem. It was the Failover configuration on System> Routing> Groups tab. I remove entries there temporarily as I'm only at a lab environment. I found the log using the following commands:

#clog /var/log/system.log |grep php

Installing ShrewSoft VPN Client again seems to have solved the problem. No idea what happened.

Does anybody have an idea?

Last week we reinstalled the pfsense with the backup of the current configuration.
We have still this problem.

Is there another way to check the racoon configuration?

Best regards,
Trexman

check phase 2 in side A

Hi Midnight_Shadow,

Thanks for Reply.

I succeed establish NAT before IPSec on Both sides without problem.  :D

The problem was on my IPCOP on Site B. My firewall established connection on SonicWall using Nat Over Ipsec.

If anyone need more information, let me know.

I've seen similar errors when there is a mismatch on negotiation mode (aggressive and main) Check your settings and if everything is correct on both sides try rwalker's suggestion and recreate the tunnel.

Hello,

Have you already given up?
I've configured IPSec site-to-site VPNs between Cisco 1841 & 2801 routers, and between the Cisco 2801 router & a pfSense firewall.
Maybe we can try to find a solution, if you agree.

Thanks.

Is there an updated document for this?

The below link is for version 1.2….

https://doc.pfsense.org/index.php/IPsec_between_pfSense_and_Cisco_IOS

Does anyone currently have ipsec working with the latest release between pfsense 2.1 and a Cisco ISR?

If so, could someone post both configs if possible?