Pfsense multiwan and ipsec tunnels
-
Hi
It worked.
Thank you very much for your help.
psunix
-
Hi,
I've got the same problem with 1 IPSec on WAN and 1 IPSec on WAN2. The first works perfectly but the second doesn't. I use PfSense 1.2-release.
Did you put any specific firewall rules (on LAN or WAN2) to do this?
I put a static route: <wan2> - <remote gateway/32> via <the gateway of my wan2> but it doesn't work… :-[
I can't see anything in the IPSec log for the second tunnel on WAN2...
Thanks
Simon
-
I set the route up like this:
IF=LAN, Network=remoteIPsecEndpoint/32, gateway=GatewayofWAN2
-
Yes I did that, but it still doesn't work…
I can't see anything of my IPSecOnWan2 in the IPSec logs...
Do you think the problem is in the firewall rules?
Thank you for your response. :)
Simon
Here is my conf:
IPSec Tunnel
Interface : OPT1
Remote GW : 80.x.x.x
Firewall rules on LAN
Lan net -> default GW
Static routes
OPT1 - 80.x.x.x/32 - OPT1 GW
-
Try using LAN as the interface for the static route.
-
> Try using LAN as the interface for the static route.

I did. Still doesn't work… :(
Here is my racoon.conf file:
$ cat /var/etc/racoon.conf
path pre_shared_key "/var/etc/psk.txt";
path certificate "/var/etc";
Shouldn't there be something here?
-
That's the entire file??
The lines themselves look fine, but you should have the tunnel config following that.
Something like:
remote 1.2.3.4 {
exchange_mode aggressive;
my_identifier address "5.6.7.8";
peers_identifier address 1.2.3.4;
etc, etc….
-
> That's the entire file??
> The lines themselves look fine, but you should have the tunnel config following that.
> Something like:
> remote 1.2.3.4 {
> exchange_mode aggressive;
> my_identifier address "5.6.7.8";
> peers_identifier address 1.2.3.4;
> etc, etc….

Yes that's the entire file…
I don't know why, but if I choose the WAN interface for a tunnel, then I've got a correct racoon.conf file (with "remote 1.2.3.4 {" things) and my tunnels work fine.
If I choose the OPT interface for my tunnel, nothing changes in the racoon.conf file... I can just see the remote address ("1.2.3.4") in the psk.txt file...
Is there a log file that I could check?
Thanks for help :)
-
I'm out of ideas at this point. Why don't you post the <ipsec> section of your config?
-
> I'm out of ideas at this point. Why don't you post the <ipsec> section of your config?

Because I have a lot of IPSec config, I'm sure about this part and I checked it 100 times…
I'm trying to know why the conf file doesn't update.
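
Added example, not part of any post in this thread and not pfSense code: the symptom described above (the peer address appears in psk.txt but racoon.conf has no `remote` stanza for it) can be checked with a short script. The function name, sample addresses and sample keys are constructed for illustration, and only IPv4 peer identifiers are compared.

```shell
#!/bin/sh
# Added example (not pfSense code): report peers that have a pre-shared key
# but no matching "remote <address> { ... }" stanza in racoon.conf.

# Usage: missing_remote_stanzas <psk.txt> <racoon.conf>
# Prints one peer address per line; never prints the key itself.
missing_remote_stanzas() {
    awk '
        FILENAME == ARGV[1] {
            # psk.txt: "<identifier> <key>"; skip comments and blank lines.
            if ($1 ~ /^#/ || NF < 2) next
            # Only address identifiers can be compared with remote stanzas.
            if ($1 ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) peers[$1] = 1
            next
        }
        {
            # racoon.conf: drop comments, then split on ; { } so several
            # statements on one line (as in the thread) are still tokenised.
            sub(/#.*/, "")
            gsub(/[;{}]/, " & ")
            for (i = 1; i < NF; i++)
                if ($i == "remote") have[$(i + 1)] = 1
        }
        END {
            # "remote anonymous" matches any peer, so nothing is missing.
            if ("anonymous" in have) exit
            for (p in peers) if (!(p in have)) print p
        }
    ' "$1" "$2" | sort
}

# Constructed sample mirroring the thread: two keys, only one stanza.
demo() {
    d=$(mktemp -d) || return 1
    printf '%s\n' '1.2.3.4 examplekey1' '198.51.100.7 examplekey2' > "$d/psk.txt"
    printf '%s\n' \
        'path pre_shared_key "/var/etc/psk.txt";path certificate "/var/etc";' \
        'remote 1.2.3.4 {' '  exchange_mode aggressive;' '}' > "$d/racoon.conf"
    missing_remote_stanzas "$d/psk.txt" "$d/racoon.conf"
    rm -rf "$d"
}
demo
```

On the firewall itself the call would be `missing_remote_stanzas /var/etc/psk.txt /var/etc/racoon.conf`, using the paths shown in the thread.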