@fazevedo How would that be any different than the actual IP address? You don't have to tell anyone what the domain name you chose is. There's literally no security concern any different than having a public IP.

Enabling Split connections on Phase 1 solved it.

@viragomann++ Thanks for your reply. You where right, I was missing firewall rules Site A (intermediate hop) Now I've the hop tunnel working. Thanks again.

Aaaannnndd it started working, somehow. I played a little with "Rekey Time" and " Reauth Time" but didn't get the results I expected, so I disabled them (which is what I had before). But somehow, icmp translation started to work. Now it works but I don't know why..... :-P Tks. Roberto

@johnpoz Thanks for the reply. I think I've done that, i've also added it to the LAN and IPsec section for good measure. [image: 1665643833597-9c297238-893b-4bf2-9ccf-7f8a6c17a83d-image.png] [image: 1665643844292-eaeb2008-15cf-4338-b279-787330cc6462-image.png] [image: 1665643850924-89ec900d-fe2a-4896-8a41-35813600e913-image.png] And still I get the following in the IPsec log: [image: 1665644055797-a21db9c7-c0b4-4ec2-96d6-b785f499734b-image.png] I've blacked out my IP. Thanks Jacob

@thewaterbug said in Win10 IKEv2 Connects, but No Network Access: @keyser Thanks! Does putting the config file in the /conf/ folder work for all pfsense installs? It didn't work for me. My problem may have been that I didn't rename the config file. I just put it in there with its full filename, e.g.: config-hostname.domain.tld-20221007121918.xml After doing some reading, I renamed it as just config.xml. I didn't know whether to put it at the root or at /conf/, so I put it in both, and it worked this time.

I have fixed it for now. The Current tunnel configurations was setup as IKEv1. I have converted both sides of the tunnels to IKEv2 and I can now see all the SA's on the PFSENSE SIDE and they match the networks on the Fortigate Side. I am able to pass traffic on my 2 test networks. I will add more networks on Monday....If I can pass traffic on all 14 of the networks ....then I am good. if not, IKEv2 on the PFSENSE Side provided the Ability to split connections. You can read more about split connections in this document. https://docs.netgate.com/pfsense/en/latest/vpn/ipsec/configure-p1.html#advanced-options Thank You

@thewaterbug Fixed: Add-VpnConnectionRoute -ConnectionName "PI-IKEV2-VPN" -DestinationPrefix 192.168.0.0/24 -PassThru with the Use Default Gateway . . . unchecked.

@gary-lopez viva la raza carnal!