Problems with IPSEC to multiple branches
-
Hi,
I hope you can help me with my problem:
I changed all the routers in my company to pfSense.
The branches all have fixed IPs and are connected via IPsec to the headquarters.
We have a 2 Mbit SDSL connection there. The branches all have ADSL connections with fixed IPs (PPPoE) and different bandwidths. The traffic is normally really low because they work on an AS/400 (like a telnet program).
Here is the configuration of the different tunnels, which are the same except for the PSK:
Interface: WAN
Local Subnet: LAN subnet
Remote Subnet: 192.168.x.0 /24
Remote Gateway: Branch WAN IP
P1
Mode: aggressive
Identifier: My IP Address
Encryption: Blowfish
Hash: SHA1
DH: 2
Lifetime: 28800
Auth: PSK
P2
Protocol: ESP
Encryption: Blowfish
Hash: SHA1
PFS: 2
Lifetime: 86400
The hardware in the HQ is an Intel 2.4 GHz PC with 1 GB RAM and 2 NICs.
The branches have embedded ALIX machines from PCEngines.
The problem is that the connection in the branches often breaks. Normally they reconnect fast, but the connections to telnet disconnect.
Please ask me about the different logs you need to help me with this problem, because I don't know exactly what is relevant.
After I installed the 4th branch, the PPTP server on the HQ stopped working.
Any ideas? I redirect PPTP to my W2k3 server now.
I recognized that some firewalls have no connection to the NTP server.
Some do, some not (cannot reach pool.ntp.org, e.g.). Can the different date cause the problems with the connection problems (lifetime)?
It would be great if someone could give me a hint or is interested in bringing up a solution for this problem.
Best regards
Patrick
-
Hi Patrick,
Have you tried the bottom box to automatically ping host?
-
Yes, I did (ping to remote gateway LAN address), but only from branch to HQ because the branch has no full-time connection.