IPSec between 2 pfSense 2.0 Boxes with DynDNS
-
OK. I've been beating my head against the wall for too long now with this.
The problem is clearly with the Phase 1 negotiation. I just can't seem to pick the right combo of Identifier and PSK.
I've tried My IP Address. I get the error WARNING: unrecognized route message with rtm_type: 4
I've read all the various tutorials and posts. Is there something with the setup in pfSense 2.0 that is unique?
Any suggestions?
Thanks.
-
Not sure what it might be, if you use a hostname as the peer IP, then you should use "my IP address" as the identifier type (usually).
-
OK. Let me be more specific. I have two pfSense 2.0 boxes, both of which use DynDNS to resolve their hostnames. In the setup for the "Server" I have all of the typical selections made as per the tutorials (which are for version 1.2). On the server side you have ONLY a dropdown box for 'My Identifier' with the following options:
My IP Address
IP Address
Distinguished Name
User Distinguished Name
ASN.1 Distinguished Name
KeyID Tag
Dynamic DNS
If you select My IP Address, the entry box next to it goes away. That's it. When you go to the Pre-Shared Keys tab, you can only enter ONE Identifier and PSK combination. My specific question would be what should I put as my Identifier? My IP address, which is dynamic? My hostname?
Now on to the 'Client'. On the client side, things are different. You have selections for My Identifier and Peer Identifier. As well, you have an entry box for Pre-Shared Key. The selections for My Identifier are the same as those for the 'Server'. The selections for the Peer Identifier are the same except Dynamic DNS is missing. So what do I do here? What do I select? What do I put as the PSK? The same PSK that I put in the Server Identifier/PSK combo? If that's the case then what do I do on the Pre-Shared Key tab? Because here, on the Client side, I can enter multiple Identifier/PSK combos. What do I put as my Identifier? Which PSK do I match with on the Server side? Or, do I even have to put an entry here?
I'm sorry for sounding so stupid. I'm not an IT expert, but I have set up other VPNs using Cisco and other hardware and not had this level of frustration. I just can't spend any more time 'shooting in the dark'.
Thanks again.
-
OK. I found the problem. Fixed, working now.
The problem was that I followed the tutorial for the Mobile client setup initially, which is what I had set up before with Cisco equipment. However, in reality, what I wanted was a Site2Site setup between two boxes with dynamic IPs.
Once I went back and started over and didn't enable Mobile Client Support on the 'Server' side, everything fell into place.
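For anyone who wants to see what the 'Mobile Client Support' checkbox changes underneath the GUI: pfSense 2.0 drives IPsec with the ipsec-tools racoon daemon, and a mobile-client setup versus a site-to-site setup differ at the `remote` block level of racoon.conf. The fragment below is an added, hand-written illustration in racoon.conf syntax; it is not the thread's configuration and not the file pfSense generates, and the hostnames, the 203.0.113.20 address, the PSK file path and the key are constructed placeholders.

```conf
# Added illustration in racoon.conf syntax. Hostnames, addresses, the PSK file
# path and the key are constructed placeholders, not values from this thread.

path pre_shared_key "/var/etc/psk.txt";   # assumed path; one "identifier  key" pair per line

# (a) Mobile-client style: "remote anonymous" answers IKE from ANY source
#     address, so the responder cannot pin the peer to an address and relies
#     on the identifier/PSK pair alone. This is the mode the 'Server' in the
#     thread was accidentally left in.
remote anonymous {
    exchange_mode aggressive;          # aggressive mode sends the ID in the clear,
                                       # so the PSK can be looked up by identifier
    passive on;                        # only respond, never initiate
    generate_policy on;                # build SPD entries from what the client proposes
    my_identifier fqdn "site-a.example.net";
    peers_identifier fqdn "roadwarrior.example.net";
    verify_identifier on;
    nat_traversal on;
    proposal {
        encryption_algorithm aes 256;
        hash_algorithm sha1;
        authentication_method pre_shared_key;
        dh_group 2;
    }
}

# (b) Site-to-site: exactly one named peer. Each end carries an equivalent
#     block with the roles swapped. With a DynDNS peer, the address here is
#     whatever the name resolves to right now and has to be regenerated
#     whenever that changes.
remote 203.0.113.20 {
    exchange_mode main;                # main mode selects the PSK by the peer's IP,
                                       # because the ID payload is only sent encrypted
    my_identifier address;             # the "My IP Address" choice in the GUI
    peers_identifier address;
    verify_identifier on;
    proposal {
        encryption_algorithm aes 256;
        hash_algorithm sha1;
        authentication_method pre_shared_key;
        dh_group 2;
    }
}

# Matching /var/etc/psk.txt line for (b) (constructed). In main mode the first
# column is matched against the peer address, not against the FQDN:
#   203.0.113.20    <shared-secret-placeholder>
```

The practical difference is that (a) accepts a Phase 1 attempt from any source address holding the key, while (b) only talks to the one address it has been told about, which is why a responder left in mobile-client mode and an initiator built for site-to-site can disagree on identifier type and PSK lookup even when both sides type the same secret.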