PfSense IPSec Connection to D-LINK DFL-1100 ?

siri69

Hi,

are there special settings to get this running ?
I try to attach a few screenshots but seems to big.

hoba

I don't know the GUI of the dlink device but I have experienced different vendors using other terms for the various options. Try to get the screenshots online somehow (gif should be fine) and I'll try to guess the corrosponding settings ::)

siri69

OK just test some other settings,
now I think I get a VPN tunnel, but no ping is possibel from the pfsense router to the remote roter and back.
Think something wrong with the Firewall Settings ?
How must i configure them ? I dont want to route Local traffic to the WAN interface.

Company LAN is 172.16.180.0/24
pfSense LAN is 192.168.1.0/24

pfs1.jpg_thumb
pfs2.jpg_thumb
pfs3.jpg_thumb
pfs4.jpg_thumb

siri69

and here the DFL-1100 VPN Config

dfl1.jpg_thumb
dfl2.jpg_thumb

hoba

You are using a dyndns IP as destination at the dlink. Tunnels between dynamic IPs are not suported but there is an option to get it going (maybe, you have to try).
First of all, you have to use aggressive mode. main mode is only for static IPs at both ends.

At the pfSense end delete the tunnel definition. Then move to the tab "mobile IPSEC". Add your tunneldefinitions there and use the dyndns domain as identifier. Then save. Move to the "preshared keys" tab and add an identifier like "remote.site" and a "secret1234" there.
Apply all your settings. IPSEC still has to be enabled at the pfsense side though there are no static tunnels now anymore.

Then go to the dlink and use the dyndns domain name as endpoint along with mode agressive and the identifier and preshared key you entered at the pfsense end.

save all settings.

This MIGHT work (I have a similiar setup running with an IPSEC client as roadwarrior but it should/could work with a site-to-site connection too). ::)

siri69

Ok will try,
but the DFL-1100 has a static IP (and also static dns) (company)
so the pfSense should be the "mobil" client, or ?

1th Changed to aggressive mode,
but no ping between the networks..

pfs5.jpg_thumb

hoba

In that way the pfsense has the static tunnel definition. Check out this tutorial for some thoughts how the pfSense at the dynamic end has to be set up: http://pfsense.com/mirror.php?section=tutorials/mobile_ipsec/

siri69

ok thanks,
will work now also with static tunnel.
I have changed my lan IPs so routing is easyer..