• PfSense IPSEC VPN on Second LAN Interface

    Locked
    2
    0 Votes
    2 Posts
    2k Views
    R

    I have solved my dilemma, just upgraded to 2.02.  Thanks everyone for reading.

  • Site2Site No Traffic

    Locked
    4
    0 Votes
    4 Posts
    2k Views
    R

    @bellera:

    @redflag237:

    I tried adding a Gateway for 192.168.178.0/24 on 10.178.1.62. Ping is ok for this (Green in Dashboard). I tried to add a route for 192.168.178.0/24 with this Gateway, no success.

    Don't add gateways or routes. Just specify local & remote networks. When a tunnel is established, virtual interface acts similar to a physical interface.

    Add a rule for your LAN interface allowing (any) traffic to the remote network and using default gateway (pfSense should route it, you don't need policy routing here). Remember to put your rule before others that could interfere with it.

    Thank you so much. Tunnel is up and running.
    Unfortunately the Tunnel is only working between my Network specified in Phase 2 and the FritzBox network. There is no routing done on pfsense side.
    FritzBox is configured to accept the other subnets as source on the tunnel.

    How do I have to configure the Back-Route on FritzBox to get my routed subnets working?
    Does there have to be a virtual IP that can be used as Gateway for the tunnel?
    Maybe it is more useful to use NAT from Subnet X to VPN-enabled subnet on pfsense?

    Best regards,
    redflag237

  • Routing problem Site to Site Aggressive

    Locked
    1
    0 Votes
    1 Posts
    1k Views
    No one has replied
  • Ipsec for mobile clients using vpnc on ubuntu, not working

    Locked
    8
    0 Votes
    8 Posts
    6k Views
    bellera

    I'm just the moderator for the Spanish section.

    I don't have access to doc.pfsense.org

    I'm sorry!

    Josep

  • MOVED: PfSense L2tp server for Windows clients

    Locked
    1
    0 Votes
    1 Posts
    842 Views
    No one has replied
  • Hi Guys Please help for the site to site VPN setting problem~~!!

    Locked
    4
    0 Votes
    4 Posts
    2k Views
    T

    Thanks guys.
    Problem solved.
    I just found I made a mistake by doing TCP port forward in the Cisco router and following the guide to use UDP in the OpenVPN setting.

    Anyway, thank you!!

  • Site-Site issue with SMB, some clients cannot be accessed.

    Locked
    4
    0 Votes
    4 Posts
    2k Views
    C

    I've tried all of those things, I don't think it's a windows SMB issue since it worked before the router change.

    I also enabled the no-df option which didn't make a difference either. It's just SMB as far as I can tell though, other protocols work fine.

    Edit:

    And it does work fine locally, just not over the ipsec vpn…

    Edit 2:

    face f*%king palm.... windows firewall. Somehow it was turned on again on the problem computers. I don't know how it got re-enabled, when, or why it worked on my old vpn. But I don't care anymore, I've been tearing my hair out for 2 days with this.

    Thanks for the help guys, guess it wasn't a pfsense issue. It was the only thing that changed on my network so I assumed it was.

  • 0 Votes
    2 Posts
    1k Views
    C

    Yea I do! Just ring me!! :-)

  • Slow download speed through IPSec tunnel :(

    Locked
    6
    0 Votes
    6 Posts
    3k Views
    C

    Vmware always! :-)

  • IPsec tunnel established but gateway show as 0.0.0.0?

    Locked
    2
    0 Votes
    2 Posts
    962 Views
    C

    You need to go into detail my friend. Screenshots would help a lot, to get more responses.

  • Ipsec - Routing site to multisite

    Locked
    6
    0 Votes
    6 Posts
    2k Views
    C

    I can explain how to do it, as I have done it. But wouldn't it just be easier to establish another IPsec tunnel to Site 3 from Site 1?

  • Routing through an IPSec Tunnel

    Locked
    2
    0 Votes
    2 Posts
    2k Views
    C

    What is the gateway of your 0.0 computers using? It should be pfsense… not the router... The router should be a route for pfsense to get out to the internet. Clients shouldn't really be able to see the router at all, except for pfSense. If your router can ping then the internal IP hop is missing, and needs to be corrected. But I would recommend making sure the clients' gateway is pfsense.

    So it should look like this

    192.168.0.0/24---->pfsense(192.168.0.100)----Router(172.32.45.1)---<internet>---Router--Pfsense--192.168.10.0/24

    Yea...

  • Draytek IPsec as mobile client

    Locked
    1
    0 Votes
    1 Posts
    823 Views
    No one has replied
  • GRE keep alive, connection drops once a week.

    Locked
    2
    0 Votes
    2 Posts
    1k Views
    P

    Under diagnostics, and PFinfo  I noticed some packets are getting blocked, not sure what to do with that info, or if it is relevant.

    gre0
    Cleared:    Mon Nov 12 16:28:37 2012
    References:  [ States:  0                  Rules: 10                ]
    In4/Pass:    [ Packets: 0                  Bytes: 0                  ]
    In4/Block:  [ Packets: 0                  Bytes: 0                  ]
    Out4/Pass:  [ Packets: 43039508          Bytes: 34927813259        ]
    Out4/Block:  [ Packets: 5993              Bytes: 5565603            ]
    In6/Pass:    [ Packets: 0                  Bytes: 0                  ]
    In6/Block:  [ Packets: 0                  Bytes: 0                  ]
    Out6/Pass:  [ Packets: 22                Bytes: 1692              ]
    Out6/Block:  [ Packets: 0                  Bytes: 0                  ]
    gre1
    Cleared:    Mon Nov 12 16:28:37 2012
    References:  [ States:  0                  Rules: 8                  ]
    In4/Pass:    [ Packets: 0                  Bytes: 0                  ]
    In4/Block:  [ Packets: 0                  Bytes: 0                  ]
    Out4/Pass:  [ Packets: 10901950          Bytes: 1862315434        ]
    Out4/Block:  [ Packets: 8                  Bytes: 320                ]
    In6/Pass:    [ Packets: 0                  Bytes: 0                  ]
    In6/Block:  [ Packets: 0                  Bytes: 0                  ]
    Out6/Pass:  [ Packets: 56                Bytes: 4292              ]
    Out6/Block:  [ Packets: 0                  Bytes: 0                  ]

  • Odd IPSec Issue

    Locked
    4
    0 Votes
    4 Posts
    2k Views
    C

    @Stevej:

    Yes it definitely has a static IP which doesn't change. The Draytek to Draytek IPSEC is fine. It seems that the security associations aren't being cleared out and therefore although the tunnel will establish it won't pass data, but only seems to be for tunnels behind NAT.

    Any more thoughts anyone?

    yes - BUT is it PUBLIC IP?

    It works even with dynamic ip if you use DDNS service also.

  • Multiple Phase2 Policies one is failing

    Locked
    7
    0 Votes
    7 Posts
    2k Views
    S

    I have the same problem :( :(

    Do you have any solutions because one phase 2 is up and another phase 2 is down ??

    tunnel 192.168.126.0/24 192.168.5.0/24 ESP 3DES SHA1, MD5 (UP)

    tunnel 192.168.100.0/24 192.168.5.0/24 ESP 3DES SHA1, MD5 (DOWN)

  • Ipsec to multiple subnets DRAYTEK <–> PFSENSE

    Locked
    1
    0 Votes
    1 Posts
    2k Views
    No one has replied
  • How do I tunnel a few disjointed networks one way through a tunnel?

    Locked
    3
    0 Votes
    3 Posts
    1k Views
    W

    So, it is ok for local network to be duplicated in rules?

    I did try this, but saw that one of the errors at one point was "duplicate rule" or similar in the logs, so I figured it was not meant to be like that.

    … I will try again shortly.

    Thanks,

    Wil

  • Replacing a Cisco in a site-to-site VPN

    Locked
    2
    0 Votes
    2 Posts
    1k Views
    C

    Yeah you'll have to have 25 P2s. May want to consider consolidating that for the P2s and controlling more tightly via firewall rules, but it'll work fine with 25 P2s as well.

  • VoIP quality issues over VPN

    Locked
    2
    0 Votes
    2 Posts
    1k Views
    Cry Havok

    What does the bandwidth behaviour look like without the VPN? Without testing that you've no way of knowing if your problem is because of the VPN, or something else…

Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.