Netgate Discussion Forum

    Multiple IPSEC over UDP VPN clients connecting to same WAN IP through pfSense

      s3v

      Situation:

      VPN Client +
      VPN Client +---(LAN)---|PFSENSE 1.2.3 RC2|---(WAN)---+Public IP
      VPN Client +

      VPN client is Juniper Netscreen Remote, an IPSEC VPN client connecting to UDP500.
      On the public ip we have a Juniper Netscreen 25 on which NAT traversal is enabled (double checked).
      pfSense has "Automatic outbound NAT rule generation (IPsec passthrough)" enabled, but we also tried with the other AON option.

      We cannot connect more than 1 client at a time with the public ip whilst from another network this works fine.
      Can somebody explain to me how to debug this situation or point me to documentation on this issue?

      This is the same question as posted in 2008 in topic http://forum.pfsense.org/index.php/topic,9842.msg55500/topicseen.html#msg55500.

        bkm

        When you tried the AON option, did you check the static port box?

          s3v

          I tried with an enable/disable of the option Static-port under "Firewall: NAT: Outbound: Edit : Translation".
          No luck with either.

            bkm

            Do you have the option to create a tunnel from pfSense to the Netscreen 25 box instead of using the VPN clients? I'm just throwing out ideas.

              s3v

              As we are going to connect to that public ip on a continuous basis that might be a good workaround, but a less preferred one.
              It would require me to read up on all the technical stuff because I have never established tunnels before and I'm a bit short on time.
              Not that I'm lazy :)

              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.