I have search for open tickets for 1.2rc2, but i cannot find it….

it works with the newest snapshot, thanks

Please search…....

http://forum.pfsense.org/index.php/topic,6085.0.html

yes, seems to work.

Thanks!

So, go ask the question on the relevant FreeBSD list  ;)

If/when it's imported into FreeBSD the chance of getting it into pfSense improve considerably, particularly if it's imported into the version pfSense uses as it's core.

Depending on which 1.2b1 you have (whether a snapshot or the release version), there could be IPsec problems. I don't recall what versions had issues that far back.

The 1.2RC2 release, or current 1.2 snapshots, don't have any IPsec issues. I upgrade to snapshots a couple times a week, and other than the couple times in the past 6 months that IPsec has actually been broken, have never had any problems.

Typically when this happens, there's a mismatched timeout somewhere. Prefer old SA's shouldn't be used in this case.

There were some major IPsec problems in some snapshots around that timeframe. They should all be cleared up now, try a snap from today.

You will need a static route for the traffic to be directed out the proper WAN interface.

I´m not sure what i´m doing wrong here, but i dont get the dhcp-relay working of ipsec, is that possible in the first place?

Also Trying to trunk 2 vlans from a cisco without success, i have setup the vlan and correct tagging(as they come from the cisco), but i cant get the inside(remote vpn) cisco working, cant even see info with cdp.

How should i set up the trunkport?.
Should the lan interface be bridged with the native vlan from the cisco and then the second vlan bridged with lan?

I´d be one happy pfsense user if i could get any of those to scenarios working ;)

regards /F

Found that this is NAT-T enabled and then disabled again. during the change there is something weird going on, but the tunnel still does not get established.
Please look at the second log I sent.
This is looking at a similar problem. http://forum.pfsense.org/index.php/topic,5473.0.html
But I am using the IPSEC on the WAN interface so probably not a routing problem - problem with CARP?
-I don't think so because I have a different site with a m0n0wall connecting perfectly, only the Zyxel is bugging me!
I set the MTU on the zyxel to 1400 just to make sure it is not ADSL that is eliminating the reply and thus the timeout, but no result.

Any ideas?

Thanks!

if the server needs to be identified as well, peers_identifier asn1dn option is also necessary

You will need to add rules to allow UDP 500 and ESP on your pfsenses wan interfaces

Per default there are no rules and thus block everything.

I found out that the secret word was too long.  I made it shorter.  I got it working.  I have this tunnel working one way as well.  I can go to their end but can't come back.

go to Firewall -> Rules the select the wan tab
then click the little square with a plus icon.
then create a rule to allow the ESP protocol and another to allow UDP port 500

No matter of priority between IPSEC and local atached network (it seems that IPSEC gets over locals). I think U have to play more with subneting/superneting techniques.

The problem is that 10/8 on A you have to use eg 10.2.0.0/15 which includes 10.2/24 and 10.3/24 networks:

(10.2/15)
      box A <–-(tun A-C)---> ipsec to other networks, works fine
        A
        |
    (tun A-B)
        |
        V
      box B                     
    (10.1/16)                 
    ----|----                 
    |        |
  LAN    OPT1
10.1/24  10.1.1/24