If and only if I understood you right.. Please see the attachment picture ;) [image: Ipsec.jpg] [image: Ipsec.jpg_thumb]

Got it to connect finaly with this post: http://forum.pfsense.org/index.php/topic,32319.0.html I added VPN Shell access to the user i was using in the IPSec config.  Now I have the iphone on a diffrent network 192.168.197.0/24 than my main network 192.168.196.0/24.  I need to figure out how to route the traffic from the 192.168.197.0/24 network to my 192.168.196.0/24 network.  This all pivots around the setting in the VPN:Ipsec:Mobile under Client configuration (mode-cfg) virtual address pool.  Provide a virtual IP address to clients. Because you put in a different network you need a route to your lan network.  I am not sure how to make a route to the lan with pfsense(I am a cisco guy).  Almost need to setup a virtual interface and have a gateway address?  Any advice? Attached a screenshot of the settings I have. [image: VPN-IPSEC-Mobile.JPG] [image: VPN-IPSEC-Mobile.JPG_thumb]

Seems i can access some HTTPS site but very very slow, the main thing i am trying to access is a Vsphere cluster but as the VPN is so slow just times out. I have tried alot to try and get this working but in the end have just put the VPN on a £20 router for the minute back to the ASA and it now works fine!?

I don't think that our IPsec daemon supports keys like that. OpenSWAN does work with PSK mode, however.

Ok…so this config DOES actually work...I had to set my vmware adapter to 'allow promiscuous mode' (doh), now I can ping hosts on both sides. Hope this helps anyone with a similar issue!

If you specify a keep-alive IP that's in the remote subnet (inside the remote phase 2 network), it will bring up the tunnels automatically every time. The connect button just sends a ping on the tunnel, nothing fancy.

Hi, Can you take a SS of both of your configs or write them out here? Sounds like its probably a subnet thing or possibly another problem. Also.. Are there any errors in the logs under the Status->System Logs -> IPsec section? -E

@submicron: Great contribution!  Sticked for posterity and to encourage everyone who has IPSEC issues to immediately PM Eureka for help :D Thanks Submicron I had no idea this got stickied until I came here to post my "update"  8) Sorry if anyone has had any problems with this. I found a bug today with the "General" configuration page of the ShrewSoft VPN client (on a windows 7 system). It forced me to use a 255.255.255.254 netmask to get traffic across to the remote network. Ive updated the tutorial on the site to include the "working" netmask. -E

Did you change the "interface" to be the CARP VIP? Or did you just change the Identifier?

I have now tested it by configuring the internal PCs to VPN into the internal network and routing all traffic through it.  Without ripping the pfSense firewall out and rebuilding it as a manual FreeBSD setup, I don't know how else to fix the problem.

Great info, thank you!  :)

Site 2 server with Public IP: Mar 3 19:41:35 openvpn[56496]: event_wait : Interrupted system call (code=4) Mar 3 19:41:35 openvpn[56496]: /usr/local/sbin/ovpn-linkdown ovpns1 1500 1560 10.0.8.1 10.0.8.2 init Mar 3 19:41:35 openvpn[56496]: SIGTERM[hard,] received, process exiting Mar 3 19:41:36 openvpn[45557]: OpenVPN testing-cee388313521 amd64-portbld-freebsd8.1 [SSL] [LZO2] [eurephia] [MH] [PF_INET6] [IPv6 payload 20100307-1] built on Feb 22 2011 Mar 3 19:41:36 openvpn[45557]: [DEPRECATED FEATURE ENABLED: random-resolv] Resolving hostnames will use randomisation if more than one IP address is found Mar 3 19:41:36 openvpn[45557]: NOTE: the current –script-security setting may allow this configuration to call user-defined scripts Mar 3 19:41:36 openvpn[45557]: TUN/TAP device /dev/tun1 opened Mar 3 19:41:36 openvpn[45557]: do_ifconfig, tt->ipv6=0 Mar 3 19:41:36 openvpn[45557]: /sbin/ifconfig ovpns1 10.0.8.1 10.0.8.2 mtu 1500 netmask 255.255.255.255 up Mar 3 19:41:36 openvpn[45557]: /usr/local/sbin/ovpn-linkup ovpns1 1500 1560 10.0.8.1 10.0.8.2 init Mar 3 19:41:36 openvpn[46329]: UDPv4 link local (bound): [AF_INET]y.y.y.y:1194 Mar 3 19:41:36 openvpn[46329]: UDPv4 link remote: [undef]