@moffl: for your info. Don't know what i am missing Tried it no go. just set up a ipsec tunnel on 2 different computers over a completely different network and it is responding exactly the same can't receive email, can not download files, cannot remote. it may be my imagineation running away right now but it seems when you first start email program or download their is the first initial indtall then stops hope this helps Are you sure routing is setup correctly back and forth? Besides that it somehow sounds like a mtu issue. Lower mtu's at both WANs (m0n0 and pfSense) to 1300. If that helps raise the values step by step until it breaks again and go back one step. I had a m0n0-pfSense tunnel from work to home for several month and was able to use my outlook at home connecting to the exchange server at the office without issues. Oh, wait… "Routes are in place"??? You don't need static routes. Only setup the tunnels. The routing is determined by the local and remote LAN of the tunneldefinition.

It is my understanding that we support everything that the freebsd kernel + racoon supports.  Feel free to supply diff's in unified format if this is not the case.

I have not seen a netopia vpn configuration screen yet but if you paste some screenshots I might be able to help you. Some vendors call some options different or break up the oprions into several screens that reference each other. Also logs of a connectionattempt could be useful.

Yepp I got the same problem and have anyone any clue to solve it??? Greetings, Marcel

i can see it on my keyboard, so I use them :-)

What happens if you increase the PFS key group setting to 2 on the second layer. I had this problem also, renewed the setup several times and now its gone (now using ESP-3DES-SHA1-PFS Key 2).

pfSense has openvpn.  I would imagine this would work fine with the push routes features?  Not sure, I don't even run OpenVPN but don't see why it wouldn't work.

Personally I would give OpenVPN a try over PPTP.

I would like to know that as well. My clients are using sim/smartcards to store an identifier and I'm wondering if I can read from those sims some sort of a key rather than a cert.

I was able to work around this by creating a port forward nat rule on the lan interface with the ip as ANY with the external port as http and internal ip/port as 192.168.0.12:8080 then i disabled the local squid proxy.

Broadcasting between the VPN users is possible with OpenVPN running in bridge mode (looking only at OpenVPN). OpenVPN implementation on pfSense seems to have some problems with that (as it looks to me when I'm reading through the articles) but one may proove me wrong here. I've tested OpenVPN in the lab in bridging mode and it did indeed worked fine with broadcasts. Never had the opportunity to test it with pfsense though.

So this would require a different class address? Sticking with non-routable addresses I couldn't quite figure out how to do something past 192.168.20.0 / 255.0.0.0 …

Thanks Bill, the problem has been resolved with your advice. I was thinking about this aliased ip situation from the wrong angle. thanks again for the support.

Sounds like the LAN to LAN might be L2TP? I dont believe pfSense supports this yet, perhaps in a few versions. Or you could try posting a bounty to help epedite the addition and support the project. Otherwise you could try IPSec between the two with DES/MD5 and small bit keys, maybe it supports those? I'd say try to figure out exactly how the Vigor 2800 does IPSec then have pfSense mimic those configurations.

you could try building binary package of vpnc and then sftp'ing  it over to the pfsense machine, and use pkg_add. if that doesn't work maybe you could build the binarys and use tarball to push them over? just a thought.