Without a public ipv4 address i see no chance.

That's a clear answer.
Thanks Jim! :)

Then i have to wait until my provider supports ipv6 native.
It should possible with 2 pfsense then.

Many Thanks

Have a nice evening.

Regards
Alitai

Just found out that this should not be there:

Remote Network (If using a Tunnel mode):

This option (only present for non-mobile tunnels) specifies the IP Address or Network that exists on the other (remote) side of the VPN. It operates similarly to the Local Network option mentioned previously.

Removed everything and now the field is not longer there.

Problem solved!

Thanks

Regards
Alitai

Makes sense.

And thanks for posting your solution. Many people end up fixing their problems and don't come back to update their post to help other people in the future.

@derelict

I agree with you, since I have configured others tunnels with different suppliers to Oracle without use that requirement, but I saw some intermittencies.

Thank you,
Ernani

Finally I have resolved with the installation of various packages:

network-manager-strongswan (I have to download and install the 1.4 version because the stock package, 1.3, has a bug) strongswan-plugin-eap-mschapv2 strongswan-plugin-eap-radius strongswan-starter libcharon-standard-plugins libcharon-extra-plugins libstrongswan-standard-plugins libstrongswan-extra-plugins

Remember to restart the client before try the connection.

Marco

Try IKEv2 and another my/peer identifier than ip address. I choose a KeyID tag and created names that identified the two sites.

I don't know what is happening on the other side. I will ask the remote side network administrator. There is same configurations on both sides. What could be the problem in your opinion?

@timmzahn said in IPSec Down after Upgrade to 2.3:

ou ever find a more elegant solution to the issue, or are you sti

I know this topic is old, but since I found it via google I will post my solution.

I did replace OpenBGP with FrrBGP. I have been able to restore my IPSEC tunneling with AWS and also use the BGP services on PfSense for my needs.

That would be information I would expect to be provided. If not, then that's OP's problem and will only delay assistance.

That is either Status > IPsec or the IPsec dashboard widget querying the status of the IPsec process.

Yes, it's normal.

Bummer, it does add a noticeable amount of throughput on my line, which is bandwidth limited and has a monthly data cap.

Still, with the preference setting turned into a no-op, did anyone actually try if it would work? There have been substantial changes in the underlying software, that it may work, after all, in a time long ago, it used to work fine, too.

@roofus Actually is the best option

@Derelict Here is the configuration on pfSense 2
0_1536655450343_df519efa-fcf2-4e62-bf5b-b8a6eb0bb586-image.png

And the route installed when IPSec tunnel established:
0_1536655372719_dd01880e-a2c7-45fc-99ec-37120a8fc244-image.png

0_1536655234803_e03a4e29-caf4-4b6a-a939-cd070be93969-image.png

Awesome. Please post back if you see continuing issues.