Hi, I see this good document on "How to set up IPsec tunneling in PfSense 2.0-RELEASE for road warriors".
I just want to use RSA-signature and not PSK (pre-shared key). In this case, seek 1 tutorial on: How to set up IPsec tunneling in PfSense 2.0-RELEASE (or PfSense 1.2.3)  for road warriors using RSA-signature.
Regards !

I hope everyone follows my example and posts solutions to frustrating problems they encounter like I am doing (even if they do not receive any help). To resolve this issue disable NAT-T (when pfsense holds the public IP). If that still does not help disable DPD and set 'Negotiation Mode' in Phase 1 to main (pfsense is at both ends in my scenario).

This might be my issue as well, I'm running a CARP setup with a pre-existing IPSec VPN and would need to connect to that using PPTP and then access resources across the IPSec VPN. Doesn't work for me either, never thought it might be CARP-related.

Hi dhatz,

That's what I'm trying to do also. Although I'm able to ping all hosts, I've an issue when I try to access a webpage. See my other post : http://forum.pfsense.org/index.php/topic,41522.0.html.

Feel free to ask question about the conf if you need help.

I think that the following link is the answer for my problem in freebsd but how to do it in pfsense ?
http://www.mail-archive.com/misc@openbsd.org/msg80590.html

Stephane

Any chance we could get some status on this issue? This is a huge feature to have.

Thanks  :-*

Awesome mate. That worked perfect. I did search I swear I just didn't come across that link.

Appreciate it.

Thanks for the information.

Could the builders of pfsense help me pls.

@ferret:

crypto isakmp key ABC123 address 203.XXX.XXX.XXX no-xauth

that was the difference, when looked very fast preview

You need multiple phase 2's for each possible combination, such as:

Client -> Server LAN
Client -> Server Static Route Net 1
Client -> Server Static Route Net 2
Client -> Server Static Route Net 3
[…]

@alexis.olivier:

Hello everybody,

I have two pfSense boxes running with 2.0RC3 in the same network. I tried to make an IPSec transport connection between them.

The IPSec works well (racoon gets its connection established), but the problem is that all traffic going through enc0 is blocked by "Default deny rule IPv4", despite a firewall rule has been added to pass all the IPv4 traffic (tcp/udp) coming through IPSec interface (enc0). This rules is evaluated (evaluations counter grows up in pfctl -v -sr), but no packets is allowed.

Did i forget something ?

Thanks in advance for your answers !

Hi,

Did you resolve this issue yet?

Cheers

if remote gateway is down, for example, multi-WAN cannot solve the problem.
it is solved if pfsense can connect to a secondary remote gateway.

Hello everyone,
  Thank you for responses.  I have since downgraded to 1.2.3 stable and have not had a tunnel drop out since.  It is too bad because I really wanted to use some of the new functionality of pfSense 2.0 however, everyone is much happier now that the network is stable.

Andrew