Thanks for the information.

Could the builders of pfsense help me pls.

@ferret: crypto isakmp key ABC123 address 203.XXX.XXX.XXX no-xauth that was the difference, when looked very fast preview

You need multiple phase 2's for each possible combination, such as: Client -> Server LAN Client -> Server Static Route Net 1 Client -> Server Static Route Net 2 Client -> Server Static Route Net 3 […]

@alexis.olivier: Hello everybody, I have two pfSense boxes running with 2.0RC3 in the same network. I tried to make an IPSec transport connection between them. The IPSec works well (racoon gets its connection established), but the problem is that all traffic going through enc0 is blocked by "Default deny rule IPv4", despite a firewall rule has been added to pass all the IPv4 traffic (tcp/udp) coming through IPSec interface (enc0). This rules is evaluated (evaluations counter grows up in pfctl -v -sr), but no packets is allowed. Did i forget something ? Thanks in advance for your answers ! Hi, Did you resolve this issue yet? Cheers

if remote gateway is down, for example, multi-WAN cannot solve the problem. it is solved if pfsense can connect to a secondary remote gateway.

Hello everyone,   Thank you for responses.  I have since downgraded to 1.2.3 stable and have not had a tunnel drop out since.  It is too bad because I really wanted to use some of the new functionality of pfSense 2.0 however, everyone is much happier now that the network is stable. Andrew

here are the rest of the settings     [image: photo.PNG] [image: photo.PNG_thumb]

Try setting NAT-T to force on the server side. It may have better luck breaking out of their network.

You may want to submit a report to http://ipsec-tools.sourceforge.net/ (and secondary to http://redmine.pfsense.org/projects/pfsense )

…until someone steals your phone and then has unlimited access to your network... The certificate auth, I believe, only replaces the pre-shared key part, not the username/password part.

Hi, i think i found my answer by playing around a bit. My remote network is 10.1.105.0/24, i then added a route on 10.0.0.2 –> route add -net 10.1.105.0 10.0.0.1 255.255.255.0 then i could access the machines running through gateway 10.0.0.2 i hope this might help someone else. Thanks,

If you use a dynamic DNS hostname it does work properly - I use this personally and I know people using it with dozens/hundreds of tunnels. It works great. However the title of the thread said "without DNS" so that's how I replied.