Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Hi, i am a newbie, i built ipsec between pfsense and pfsense.but i found a bug

    IPsec
    2
    3
    2.2k
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • B
      blackjack550
      last edited by

      hi,
        i test ipsec between pfsense 1.2.3-release and pfsense 1.2.3-release in vmware.  but i can't build tunnel. all of configure has been setup successful.  so  i use

      ifconfig gif0 create
ifconfig gif0 [intra-src.] [intra-dst.]
ifconfig gif0 tunnel [extra-src.] [extra-dst.]

      then, i  can build tunnel.    but  i can't reboot server.  as the tunnel will be disappered.
      is this a bug of pfsense?

      1 Reply Last reply Reply Quote 0
      • jimpJ
        jimp Rebel Alliance Developer Netgate
        last edited by

        IPsec tunnels work fine on their own, you do not need to manually create any gif interfaces. It's more than likely a configuration bug, but we need a lot more detail about the settings you are trying to use on the tunnels to be sure.

        Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

        Need help fast? Netgate Global Support!

        Do not Chat/PM for help!

        1 Reply Last reply Reply Quote 0
        • B
          blackjack550
          last edited by

          thx for reply

          my environment is in  vmware. i started four virtual server. the two is pfsense, another two is client.  the network of pfsense is bridged and customed .

          i found it have a tunnel device named by enc0.
          my config is follow:
          VPN: IPsec: Edit tunnel

          Mode Tunnel tunnel
          Interface  WAN
          DPD interval  seconds
          Local subnet Type:    LAN subnet
          Remote subnet  192.168.2.0/ 24
          Remote gateway  10.48.255.252

          Phase 1 proposal (Authentication)
          Negotiation mode  main

          My identifier  My IP address 
          Encryption algorithm  AES-256
          Must match the setting chosen on the remote side. 
          Hash algorithm  SHA1
          Must match the setting chosen on the remote side. 
          DH key group 2
          1 = 768 bit, 2 = 1024 bit, 5 = 1536 bit
          Must match the setting chosen on the remote side. 
          Lifetime  28800 seconds
          Authentication method  Pre-shared key
          Must match the setting chosen on the remote side.
          Pre-Shared Key  xxxxxxx

          Phase 2 proposal (SA/Key Exchange)
          Protocol  ESP
          ESP is encryption, AH is authentication only 
          Encryption algorithms 
          AES-256

          Hint: use 3DES for best compatibility or if you have a hardware crypto accelerator card. Blowfish is usually the fastest in software encryption. 
          Hash algorithms  SHA1

          PFS key group  2
          1 = 768 bit, 2 = 1024 bit, 5 = 1536 bit
          Lifetime  seconds

          other server:
          VPN: IPsec: Edit tunnel

          Mode Tunnel tunnel
          Interface  WAN
          DPD interval  seconds
          Local subnet Type:    LAN subnet
          Remote subnet  192.168.0.0/ 24
          Remote gateway  10.48.255.251

          Phase 1 and Phase 2 as same as the first host.

          1 Reply Last reply Reply Quote 0
          • First post
            Last post
          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.