@movIT You are probably limited by the GUI. You could go here : Status > System Logs > Settings and change [image: 1725431946352-c5dad0b9-bcbc-4136-8867-484d78c846fc-image.png] to something a bit bigger. Check also this : [image: 1725431976584-4280c79f-7433-4ea4-b1c1-6f317c100f08-image.png] where you can set overall log file size. If you have many G bytes to spare, you can make these files a bit bigger. On very small devices : be carefull. But you can also apply the "IT" way : you don't care about GUI ... go native access right away. Go to the source. Use the console, or, like everybody else, use the SSH access, and look her /var/log/ as that is the place where logs are stored on nearly every "computer" on planet earth. You'll find the system.log file. Btw : typically, I have 20-30 lines a day in the System log file. So "only the last 5 minutes worth" is pretty strange : what is happening in there that your pfSense logs that much ? ? Massive logs == normally : an indication something not-ok is going on.

@netgate-powdered559 And the page works if you access it directly from the lab and from the internet if the latter is even possible?

@optimusprime I apply in this option: [image: 1724847936234-d15f6b0e-dc4f-4612-9973-a628ee43d373-image.png] [image: 1724847911969-8d1c5b5b-af44-4ef6-aa5f-1b5f3cfd3100-image.png]

@bkhiatt Are all phase 2 shown up as connected in Status > IPSec? Please post Status > IPsec > SPDs of all three sites.

@SteveITS said in MacOS VPN import: Most of my Mac experience was on System 6/7. :) The double click started the import but didn't open anything. Ouch! Really ??? So welcome and try “the *nix with a human face”! ;)

@isaaclondo09 If only there was logs provided to help us help you

@viragomann Thank you! Do you know if the VPN will disconnect and reconnect if I add the second phase 2? I don't want to cause any disruption when I try it.

@viragomann Thank you so much, It's 100% correct I figured it out that's exactly what I have done now. And yes it's only access from one side. Thanks again appreciate your time

@oscar-pulgarin "Any" just accepts any identifier. So it isn't verified. By default IPSec use the interface address, which it is connecting through, as identifier and for incoming connections it expects to see the remote gateway IP. However, since the endpoint gateway is behind a router, IPSec uses the internal IP 10.206.0.14, which your site doesn't expect and drop the connection. But IPSec allows you to state a certain identifier IP. Also there are different identifier types. So if the remote site is behind a NAT router there should be stated its public IP as its identifier. Anyway if you have stated a certain remote gateway, IPSec only allows connection from this IP. So I don't think, "any" for the remote identifier is a security risk here. But you can request them to configure their IPSec properly to use the public IP as identifier, or just enter 10.206.0.14.

@humaxoid None of these. Best method is to add a phase 2 to the site-to-site for the mobile tunnel network. Remember to do this on both sites. Also ensure that the remote network is routed over the mobile IPSec.

I also noticed this Why the ID says "any identifier" if I established the IP in both? [image: 1723251693398-d9a3b80c-6d46-495e-abc2-20f99c573b89-image.png]

@datacare There are no responses from the opposite end. Remeber IKE uses UDP, and can transmit several packets it considers “data” without any preceeding “connection” being made as with TCP. Notice there are no packets recieved from the other end - so you need to investigate that, and why :-)

@planedrop don't load pn the ipsec tunnel.