Yes, several times. Just make sure the settings match up.

DPD off on the 2.0 side doesn't appear to have made any change for us.

That would do it. :-)

Did you choose the CRL on the OpenVPN server config page?

If you make a CRL under the Cert Manager, you still have to tell the OpenVPN instance to use it.

Yeah, that is saying sort of what I said but in a lot more detail. :-)

Adding that to pfSense has been discussed, but it's too much work to make it into 2.0.

There will be a manual to set up ipsec with an iPhone and pfsense 2.0 soon, I hope. In the meantime, your best option is using OpenVPN with the OpenVPN export wizard package and Viscosity as OpenVPN client on OS X, as it works flawlessly.

If you're just NATing all that traffic to one IP within the local subnet, and the traffic matches the SPD before NAT, then you can use outbound NAT on IPsec if using 2.0. Otherwise there has never been a way to accommodate that short of doing the NAT on a different system.

same normal tunnel not working for me since upgrade 2.0 RC1,i have to downgrade to 1.2.3

Then you should be able to do that with IPsec in transport mode + a GRE tunnel + some routes. No idea how that would work on the Juniper side, but pfSense should handle it fine.

If and only if I understood you right.. Please see the attachment picture ;)

Ipsec.jpg
Ipsec.jpg_thumb

Got it to connect finaly with this post:
http://forum.pfsense.org/index.php/topic,32319.0.html

I added VPN Shell access to the user i was using in the IPSec config.  Now I have the iphone on a diffrent network 192.168.197.0/24 than my main network 192.168.196.0/24.  I need to figure out how to route the traffic from the 192.168.197.0/24 network to my 192.168.196.0/24 network.  This all pivots around the setting in the VPN:Ipsec:Mobile under Client configuration (mode-cfg) virtual address pool.  Provide a virtual IP address to clients.

Because you put in a different network you need a route to your lan network.  I am not sure how to make a route to the lan with pfsense(I am a cisco guy).  Almost need to setup a virtual interface and have a gateway address?  Any advice?

Attached a screenshot of the settings I have.

VPN-IPSEC-Mobile.JPG
VPN-IPSEC-Mobile.JPG_thumb

Seems i can access some HTTPS site but very very slow, the main thing i am trying to access is a Vsphere cluster but as the VPN is so slow just times out.

I have tried alot to try and get this working but in the end have just put the VPN on a £20 router for the minute back to the ASA and it now works fine!?

I don't think that our IPsec daemon supports keys like that. OpenSWAN does work with PSK mode, however.

Ok…so this config DOES actually work...I had to set my vmware adapter to 'allow promiscuous mode' (doh), now I can ping hosts on both sides.

Hope this helps anyone with a similar issue!