VPN site-to-site tunnel between VyOS and pfSense

cs9112 · Oct 17, 2017, 12:51 PM

Hi, I would like to create VPN tunnel site-to-site between VyOS and pfSense routers. When I created a configuration between devices, connection is established but tunnel is not up. What I should to change? I can ping from pfSense to VyOS and vice versa. VyOS ip: 192.168.2.1/24 PFsense ip: 192.168.2.33/24

Config VYOS

vpn {
ipsec {
    esp-group ESP-1W {
        compression disable
        lifetime 1800
        mode tunnel
        pfs enable
        proposal 1 {
            encryption aes256
            hash sha1
        }
        proposal 2 {
            encryption 3des
            hash md5
        }
    }
    ike-group IKE-1W {
        ikev2-reauth no
        key-exchange ikev1
        lifetime 3600
        proposal 1 {
            encryption aes256
            hash sha1
        }
        proposal 2 {
            encryption aes128
            hash sha1
        }
    }
    ipsec-interfaces {
        interface eth1
    }
    site-to-site {
        peer 192.168.2.33 {
            authentication {
                mode pre-shared-secret
                pre-shared-secret test_key_1
            }
            connection-type initiate
            default-esp-group ESP-1W
            ike-group IKE-1W
            ikev2-reauth inherit
            local-address 192.168.2.1
            tunnel 1 {
                allow-nat-networks disable
                allow-public-networks disable
                local {
                    prefix 192.168.40.0/24
                }
                remote {
                    prefix 192.168.60.0/24
                }
            }
        }
    }
}
}

Config pfSense

barnettd · Oct 18, 2017, 3:49 PM

On phase 2 config at pfsense, try specifying a network instead of LAN subnet.

mikee · Oct 19, 2017, 11:37 PM

You are not showing the phase2 config you are using in the pfSense and that is what it is failing.