I have a similar issue. We successfully did the Phase 1 and Phase 2, from Pfsense (our side) to Checkpoing (Partner side). However, when we run and ping in telnet, keeps coming up with permission denied. Anyone here had this issue? The Public IP to Public IP is working fine, but the LAN to LAN just isn't connecting?

I have been testing DH group 19 and 20, but that resulted in "Peer to aggressive". Offcourse I had the same settings on both phase 1 and phase 2 and in Windows 10 and pfSense IKEv2 Mutual RSA config. Changed to DH Group 14, and that worked. What can be the reason?

That wouldn't ever work with L2TP/IPsec as the IPsec portion of L2TP/IPsec requires transport mode which only works with unique remote addresses. If you use a regular IKEv2 (e.g. EAP-MSCHAPv2) setup it should work fine. Or if you have multiple users at the same remote site that need to connect, consider a site-to-site VPN instead of relying on mobile connections.

So in case it helps anyone landing here, I found a solution in these: http://superuser.com/questions/966832/windows-10-dns-resolution-via-vpn-connection-not-working https://answers.microsoft.com/en-us/windows/forum/windows_10-networking-winpc/win-10-dns-resolution-of-remote-network-via-vpn/513bdeea-0d18-462e-9ec3-a41129eec736?page=4

I finally resolved this. I had to create a LAN Gateway on Site A side because I have two LAN subnets on this, 192.168.211.x/24 and 10.0.0.x/28. I was only concerned with the 10. subnet, so I created gateway for it only as probably traffic was trying to pass over the other LAN segment, not sure. (I am not great this stuff...) Then on the Site B router, I had to add a manual NAT for its LAN network to allow the 10.0.0.0/28 traffic over it. Now I can successfully reach all endpoints for both networks. Man, that was ALOT of work. Now I get why those crappy Cisco RV routers are so popular, as it seems it creates the NAT and routes for you. davige101

@realityman_ my opinion this is not pfSense... maybe do you have some dynamic firewall on the host the ban your IP?

@jimp Thank you!

@marcquark Thanks! It'll probably be a day or two before I can get over to the far side to try this but I'll let you know how it goes.

@froussy I have this kind of problem when PHP is eating all CPU on my pfSense (check my post). Is your CPU load ok when you have problems?

@trs_91 I've been running into the same issue. I haven't had time to troubleshoot it really (my workaround is to RDP into a local server then jump over the site to site from there) but I'm interested to see where this thread goes.

Hi, do you need any other information ? Thanks.