@craigerr1 is P2P? Mobile? Have u open the rules in both sides to allow traffic on your firewalls->rules->ipsec? Regards!!!

@arobin Depends what you're trying to achieve. You didn't mention at all. Your existing rules on A allows access from site B 10.0.10.0/24 to site A 10.100.1.0/24. However, there is additionally a rule on DMZ at B needed for passing traffic to the remote site.

@alejjime Reviewing the pfSense configuration of my Azure network, I noticed the time zone was different than that of my client's servers, and I have already changed it, as well as that of my Windows server with the SFTP application, so they are already synchronized with my client's servers. I made that adjustment thinking that the date/time difference might generate an asynchrony problem, but the problem persists.

@artooro said in IPSec hang with 11 P2s: It looks like it will be quite awhile before 2.6.0 is ready for release though. So we may have to revert to 2.4.5 in the meantime. Target for release is early next month, it's really almost done except for a few items still being worked on. Overall I'd say it's likely to be more stable than 2.5.2 for many, especially in terms of IPsec.

@nocling said in IKE2 EAP-MSCHAPv2 send pfsense DNS but windows client won't use it.: http://woshub.com/dns-resolution-via-vpn-not-working-windows/ Interesting article, I have try and works...thanks for the info!!!

This is now sorted! Outbound NAT rules a small step that doesn't seem to be mentioned in the docs

Hello, I fixed this by applying the patch listed here: https://redmine.pfsense.org/issues/11933 Thanks.

@rostyslav-didus 4.For some reason after pfsense reboot,it doesn't bring up Chield SA entries. Maybe,I haven't noticed some mark to bring it up automatically? [image: 1637237780539-240-18-11-21.png]

@cswroe thanks for quick reply I appreciate it. maybe you could give a hint regarding load balancing algorithm in case with specific remote LAN reachable behind two separate tunnels? will it be ECMP? [image: 1637195383411-pfsense-p2.png]

OK, I found this answers my question: https://forum.netgate.com/topic/113227/ikev2-vpn-for-windows-10-and-osx-how-to In short, it needs a workaround - add-vpnconnectionroute. Thanks Adrian

@viktor_g Thanks - i'll give that a try

Hello, Kind reminder :)