The only difference with the new location was the 1.2 release version. I have just downgraded to 1.2 rc2 to get things rolling. The tunnel is up and running.
Thanks for all the help, and I do apologize for switching it out. I needed to get it going.
Not sure which thread exactly you mean, but that topic is covered multiple times, for example here: http://forum.pfsense.org/index.php/topic,8476.msg47573.html#msg47573
However I don't think that this has something to do with the issue we are seeing here.
You can use the same identifiers at both ends but they have to be unique for each tunnel. Having them different at both ends for the same tunnel won't hurt, just set everything up correctly. I usually find it easier to have the same at both ends as this is easier to remember and less possibility to configure things wrong. I would just disable the IP-Identifier tunnels for now (there's a checkbox when you edit the tunnel) and set up the new ones from scratch. This way you can easily move back and forth between the one and the other config until you get things going. Once the parallel tunnel setup works just delete the disabled IP-Identifier tunnels.
Then you have a problem at the remote end. Maybe it needs some firewall rules too? Also note that the devices that are establishing the tunnels usually can't use the tunnel itself unless you add a fake static route. Retry from clients behind the VPN endpoints.
We do create rules for IPsec behind the scenes. In the past you only had to add those rules manually if you were running IPsec on VIPs like CARP, but I think we nowadays even create rules for those since you can now specify the CARP IPs as endpoints in the tunnel configuration.
Oh, ehm … I changed the PFS option to 2 and now the tunnel is up and running again.
I'm wondering how the tunnel works first with this option set to off ...
It's not designed that way yet. Search the forum if you need further details. This has been discussed in depth already. When using dynamic endpoints at both ends try using OpenVPN.
I have seen that error before when the ends of the tunnel are mismatched, one being main and the other aggressive. I have seen it when I am first setting up the IPsec connections between Symantec, Linksys, & Netgear boxes.
RC
What VPN clients do you use for IPsec and OpenVPN?
Is OpenVPN an encrypted VPN solution?
Take a look at the documentation on http://www.openVPN.net on how to set up an OpenVPN client.
Reading the example file and the documentation helps to bring the client to run…
http://openvpn.net/index.php/documentation/howto.html#client
To your question if OpenVPN is an encrypted VPN solution:
Did you even take a look at it?
From your question it seems to me as if you didn't even bother to read the absolute basics about it.
(Like the frontpage of http://www.openvpn.net )