Netgate Discussion Forum

    Pfsense - Non pfsense IPSEC VPN…. not working....

    12 Posts 2 Posters 22.6k Views
      lakshmiteam

      Connection is getting established and then it is getting disconnected, as the keep-alive is not able to reply. How do I specify the "nexthop" value in pfsense? Probably I may get it right if I can specify the NEXTHOP.

      Any clues?

        heiko

        Please retest with "my identifier = my ipaddress = BLANK" on the pfsense side.

          lakshmiteam

          Thanks for your reply, Heiko.
          I have enclosed the screenshot of the VPN page; these are my settings. Still not able to ping.

          vpn.jpg
            heiko

            Again, is this a test ipsec situation and you are on one switch?

              lakshmiteam

              No, Boss. Pfsense device is in UAE and the other device is in Germany. Not a test environment.

                heiko

                Do you have rules for icmp on your lan side? The lan rule tab manages the outgoing traffic, the ipsec rule tab manages the incoming traffic from the other ipsec endpoints.

                And "ERROR: no iph2 found", is this a NAT Traversal scenario? NAT-T will be supported in 1.3, not 1.2. Your next hop on your pfsense-ipsec is your WAN IP, all routes for ipsec will be generated behind the scenes.

                  lakshmiteam

                  ICMP is allowed, as there is one more tunnel established with another pfsense device, and it is working fine, no problem. The one which is not working is with a non-pfsense device on the other side.

                    heiko

                    What hardware/software system is the non pfsense system?

                    • Did you try other and different lifetimes for phase 1/2?
                    • Is compression enabled on the non pfsense device? If yes, please disable it.
                    • Can you test with "aggressive" mode?
                    • Try AH, not ESP, for testing.

                    Regards
                    Heiko

                      lakshmiteam

                      Thanks for those tips. I will test it out and keep you posted. The non-pfsense device is on a different continent and those people (new business partners) are reluctant to give any details. Trying to get (extract) more information about the other side.

                        lakshmiteam

                        Solved. After going through the settings (got them finally) on the other (non-pfsense) side, found that ICMP port is blocked. So keep-alive fails and the tunnel gets closed, and ping is not possible.

                          heiko

                          fine

                          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.