Netgate Discussion Forum

    Pfsense multiwan and ipsec tunnels

    13 Posts 4 Posters 10.0k Views
    psunix

      Wow, thanks for your fast answer.
      No, I didn't setup a static route.
      I'll test this and I will report back here.

      psunix

        Hi

        It worked.

        Thank you very much for your help.

        psunix

        simonc

          Hi,

          I've got the same problem with 1 IPSec on WAN and 1 IPSec on WAN2. The first works perfectly but the second doesn't. I use PfSense 1.2-release.
          Did you put any specific firewall rules (on LAN or WAN2) to do this?
          I put a static route: <wan2> - <remote gateway/32> via <the gateway of my wan2> but it doesn't work… :-[
          I can't see anything in the IPSec log for the second tunnel on WAN2...

          Thanks
          Simon

          dotdash

            I set the route up like this:
            IF=LAN, Network=remoteIPsecEndpoint/32, gateway=GatewayofWAN2

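The reason dotdash's /32 route is needed is ordinary longest-prefix matching: with only the system default route, the firewall sends its own IKE and ESP packets for the remote endpoint out WAN, so a tunnel bound to WAN2 never exchanges anything on the right link. The following is an added illustration, not code from this thread or from pfSense, that simulates that lookup with the `ipaddress` module. The gateway and endpoint addresses are constructed from the RFC 5737 documentation ranges, and the model covers only the kernel's route choice (the GUI's "Interface = LAN" field from dotdash's post is where the route is entered; what decides the exit path is the gateway).

```python
import ipaddress

# Constructed addresses (RFC 5737 documentation ranges); they stand in for the
# thread's WAN gateway, WAN2/OPT1 gateway and the remote IPsec endpoint.
WAN_GW = "192.0.2.1"
WAN2_GW = "203.0.113.1"
REMOTE_ENDPOINT = "198.51.100.10"


def next_hop(routes, dst):
    """Longest-prefix match over (prefix, gateway) pairs, as the kernel does for
    locally generated IKE/ESP packets. Returns the chosen gateway, or None."""
    dst_ip = ipaddress.ip_address(dst)
    best_net, best_gw = None, None
    for prefix, gw in routes:
        net = ipaddress.ip_network(prefix, strict=False)
        if dst_ip in net and (best_net is None or net.prefixlen > best_net.prefixlen):
            best_net, best_gw = net, gw
    return best_gw


def default_only():
    """Multi-WAN box with only the system default route: everything leaves via WAN."""
    return [("0.0.0.0/0", WAN_GW)]


def with_endpoint_route():
    """The /32 static route from the thread: remote endpoint via WAN2's gateway.
    It is more specific than the default, so it wins for that one host only."""
    return default_only() + [(REMOTE_ENDPOINT + "/32", WAN2_GW)]


if __name__ == "__main__":
    print("without /32:", next_hop(default_only(), REMOTE_ENDPOINT))         # 192.0.2.1
    print("with /32:   ", next_hop(with_endpoint_route(), REMOTE_ENDPOINT))  # 203.0.113.1
    print("other host: ", next_hop(with_endpoint_route(), "8.8.8.8"))        # 192.0.2.1
```

Only the one host gets steered out WAN2; everything else still follows the default route, which is why a host route rather than a broader prefix is the right shape for this fix.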
            simonc

              Yes I did that, but it still doesn't work…
              I can't see anything of my IPSecOnWan2 in the IPSec logs...
              Do you think the problem is in the firewall rules?

              Thank you for your response. :)

              Simon

              Here is my conf:
              IPSec Tunnel
              Interface : OPT1
              Remote GW : 80.x.x.x

              Firewall rules on LAN
              Lan net -> default GW

              Static routes
              OPT1 - 80.x.x.x/32 - OPT1 GW

                dotdash

                Try using LAN as the interface for the static route.

                  simonc

                  @dotdash:

                  Try using LAN as the interface for the static route.

                  I did. Still doesn't work… :(

                  Here is my racoon.conf file:

                  $ cat /var/etc/racoon.conf
                  path pre_shared_key "/var/etc/psk.txt";

                  path certificate  "/var/etc";

                  Shouldn't there be something here?

                    dotdash

                    That's the entire file??
                    The lines themselves look fine, but you should have the tunnel config following that.
                    Something like:
                    remote 1.2.3.4 {
                            exchange_mode aggressive;
                            my_identifier address "5.6.7.8";
                            peers_identifier address 1.2.3.4;
                    etc, etc….

                      simonc

                      @dotdash:

                      That's the entire file??
                      The lines themselves look fine, but you should have the tunnel config following that.
                      Something like:
                      remote 1.2.3.4 {
                              exchange_mode aggressive;
                              my_identifier address "5.6.7.8";
                              peers_identifier address 1.2.3.4;
                      etc, etc….

                      Yes that's the entire file…
                      I don't know why, but if I choose the WAN interface for a tunnel, then I've got a correct racoon.conf file (with "remote 1.2.3.4 {" things) and my tunnels work fine.
                      If I choose the OPT interface for my tunnel, nothing changes in the racoon.conf file... I can just see the remote address ("1.2.3.4") in the psk.txt file...

                      Is there a log file that I could check?

                      Thanks for help :)

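Simon's diagnosis above is that racoon.conf holds only the two `path` lines while psk.txt already lists the peer, so racoon has a secret for a peer it was never told to negotiate with. The checker below is an added example, not part of the thread or of pfSense; it assumes the file shapes the thread shows (`remote <peer> { … }` blocks in racoon.conf, one `<identifier> <secret>` per line in psk.txt) and reports identifiers that appear in psk.txt without a matching `remote` block. The embedded sample files are constructed, and the code reads only the identifier column of psk.txt, never the secret.

```python
import re
import sys

# Constructed samples modelled on the thread (documentation-range addresses, placeholder secret).
RACOON_CONF_INCOMPLETE = '''path pre_shared_key "/var/etc/psk.txt";

path certificate  "/var/etc";
'''

RACOON_CONF_COMPLETE = RACOON_CONF_INCOMPLETE + '''
remote 198.51.100.10 {
        exchange_mode aggressive;
        my_identifier address "203.0.113.5";
        peers_identifier address 198.51.100.10;
        proposal {
                encryption_algorithm aes;
                hash_algorithm sha1;
                authentication_method pre_shared_key;
                dh_group 2;
        }
}
'''

PSK_TXT = '''# psk.txt: <identifier> <secret>   (secret below is a constructed placeholder)
198.51.100.10 constructed-placeholder-secret
'''

REMOTE_RE = re.compile(r'^\s*remote\s+(\S+)\s*\{')


def remote_blocks(conf_text):
    """Peer identifiers that have a top-level `remote <peer> {` block.
    Brace depth is tracked so nested blocks (proposal { ... }) are not counted as peers."""
    peers = set()
    depth = 0
    for line in conf_text.splitlines():
        if depth == 0:
            m = REMOTE_RE.match(line)
            if m:
                peers.add(m.group(1))
        depth += line.count("{") - line.count("}")
    return peers


def psk_peers(psk_text):
    """Identifiers from psk.txt. Only the first column is read; secrets are never returned."""
    peers = set()
    for line in psk_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        peers.add(line.split()[0])
    return peers


def missing_remote_blocks(conf_text, psk_text):
    """Peers with a PSK entry but no remote block: racoon will never negotiate with them."""
    return sorted(psk_peers(psk_text) - remote_blocks(conf_text))


if __name__ == "__main__":
    # Usage: python check_racoon.py /var/etc/racoon.conf /var/etc/psk.txt
    conf_path, psk_path = sys.argv[1], sys.argv[2]
    with open(conf_path) as conf, open(psk_path) as psk:
        for peer in missing_remote_blocks(conf.read(), psk.read()):
            print(f"{peer}: listed in psk.txt but has no remote block in racoon.conf")
```

Run against the incomplete file from the thread it reports the one peer; against a regenerated file with the `remote` block it reports nothing, which is the quick way to tell "config not regenerated" apart from a firewall-rule or routing problem before reading the IPsec log.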
                        dotdash

                        I'm out of ideas at this point. Why don't you post the <ipsec> section of your config?

                          simonc

                          @dotdash:

                          I'm out of ideas at this point. Why don't you post the <ipsec> section of your config?

                          Because I have a lot of IPSec config, I'm sure about this part and I checked it 100 times…
                          I'm trying to know why the conf file doesn't update.

                          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.