-
Hello. I'm trying to set up an IPSec VPN in pfsense. The goal is to connect a pfsense (client) to another pfsense (server) configured as follows: https://docs.netgate.com/pfsense/en/latest/recipes/ipsec-mobile-ikev2-eap-mschapv2.html. So my question is: how can I set the vips property from the web GUI of pfsense? @jimp
-
I was recently struggling with the same issue. Every strongswan doc about my intended setup says I need to set
leftsourceip=%config
(in ipsec.conf, which is .vips in swanctl.conf). As far as I understand, I can't simply edit the strongswan config manually, otherwise it would get overwritten. Could you provide any advice about how to get this working?
Restricting the local (pfsense side) site subnet to a single address in tunnel mode does not work because (as per the strongswan doc's warning) that address is not installed on the tunnel. The VTI mode somehow "works" because that "local" address gets set on the virtual interface, but the CHILD_SA local subnet is not getting restricted to that single address, and ofc I can't restrict this from the remote responder since that phase2 conf is made to match many pfsense roadwarriors, not just a single one.
-