Netgate Discussion Forum
    Looking for help on installation. Will make a guide afterwards.

    Category: IPsec
    15 Posts, 2 Posters, 4.5k Views
    Ilikethisdevice:

      Not really. It only helps to a point. It is generalized.

      This is a scenario here which is much more useful.

      XIII:

        Well all of the IPSec setups I have done, Req. 2 worked by default, though I had the auto config of VPN rules option enabled.

        What do the logs say? Under Status>System Logs>IPSec VPN

        -Chris Stutzman
        Sys0:2.0.1: AMD Sempron 140 @2.7 1024M RAM 100GHD
        Sys1:2.0.1: Intel P4 @2.66 1024M RAM 40GHD
        freedns.afraid.org - Free DNS dynamic DNS subdomain and domain hosting.
        Check out the pfSense Wiki

        Ilikethisdevice:

          I am not there yet. I need help on the static routes for this scenario first.

          But so far the Colo device says:

          Nov 21 03:56:22 racoon: [Self]: INFO: <device WAN address>[500] used as isakmp port (fd=15)
          Nov 21 03:56:22 racoon: [Self]: INFO: 1<device LAN address>[500] used as isakmp port (fd=14)
          Nov 21 03:56:22 racoon: [Self]: INFO: 127.0.0.1[500] used as isakmp port (fd=13)
          Nov 21 03:56:22 racoon: [Self]: INFO: 192.168.5.1 (not sure where this is coming from)[500] used as isakmp port (fd=12)
          Nov 21 03:56:22 racoon: INFO: unsupported PF_KEY message REGISTER

          And here are the Main Site logs:

          Nov 20 08:49:14 racoon: [Self]: INFO: <device WAN address>[500] used as isakmp port (fd=15)
          Nov 20 08:49:14 racoon: [Self]: INFO: 1<device LAN address>[500] used as isakmp port (fd=14)
          Nov 20 08:49:14 racoon: [Self]: INFO: 127.0.0.1[500] used as isakmp port (fd=13)
          Nov 20 08:49:14 racoon: INFO: unsupported PF_KEY message REGISTER

          XIII:

            Why do you want static routes? Just because? It should route automatically via IP address (unless you access them via DNS); otherwise you go to System > Static Routes.
            For the entry it would be the device's DNS name and the IP of the device.

            Ilikethisdevice:

              Even when the PFsense devices are not the default gateway? It was my understanding that there had to be static routes in place when they are not.

              XIII:

                Yes that is true.

                You add it under System > Static Routes.

                Ilikethisdevice:

                  What would those entries be in this scenario?

                  XIII:

                    So at each location it's:
                    1: WAN -> Router (this is the WAN network) -> pfSense WAN -> pfSense LAN

                    You need to add a static route at the main router that points the network at the main site for the colo to the pfSense box.

                    COLO
                    Destination Network: 192.168.1.0/24
                    Gateway: 172.32.128.236

                    Main Site
                    Destination Network: 192.168.2.0/24
                    Gateway: 100.192.224.248

                    XIII:
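To make the routing requirement in the post above concrete, here is an added example (it is not from the thread, pfSense or Netgate) that models each site's default-gateway router as a longest-prefix-match routing table using the four addresses XIII quotes. The ISP gateway addresses (100.192.224.1, 172.32.128.1) and the probe host in each remote LAN are constructed assumptions. It shows the failure mode the thread is chasing: until the static route exists on the router that hosts actually use as their default gateway, packets for the remote LAN follow the 0.0.0.0/0 route to the ISP and never reach the pfSense box, so the tunnel stays idle even though IKE is listening.

```python
import ipaddress

# Addresses quoted in the thread; isp_gateway values are constructed for
# this example and do not appear in the original post.
SITES = {
    "main": {
        "lan": "192.168.1.0/24",
        "pfsense_wan": "100.192.224.248",   # main-site pfSense WAN (from thread)
        "isp_gateway": "100.192.224.1",     # constructed: router's default next hop
        "remote_lan": "192.168.2.0/24",     # colo LAN reachable through the tunnel
    },
    "colo": {
        "lan": "192.168.2.0/24",
        "pfsense_wan": "172.32.128.236",    # colo pfSense WAN (from thread)
        "isp_gateway": "172.32.128.1",      # constructed
        "remote_lan": "192.168.1.0/24",     # main-site LAN reachable through the tunnel
    },
}


class RoutingTable:
    """Minimal longest-prefix-match table, enough to model a site router."""

    def __init__(self):
        self._routes = []

    def add(self, destination, next_hop):
        self._routes.append((ipaddress.ip_network(destination), next_hop))

    def lookup(self, dst):
        addr = ipaddress.ip_address(dst)
        matches = [(net, nh) for net, nh in self._routes if addr in net]
        if not matches:
            return None
        # Most specific prefix wins, exactly as a real FIB lookup does.
        net, nh = max(matches, key=lambda r: r[0].prefixlen)
        return nh


def site_router(site, with_static_route):
    """Build the default gateway's table, with or without the thread's static route."""
    cfg = SITES[site]
    rt = RoutingTable()
    rt.add(cfg["lan"], "connected")            # directly attached LAN
    rt.add("0.0.0.0/0", cfg["isp_gateway"])     # default route toward the ISP
    if with_static_route:
        # The entry XIII describes: remote LAN via the local pfSense WAN IP.
        rt.add(cfg["remote_lan"], cfg["pfsense_wan"])
    return rt


def next_hop(site, dst, with_static_route):
    """Next hop the site router picks for dst."""
    return site_router(site, with_static_route).lookup(dst)


def check_site(site):
    """Compare where remote-LAN traffic goes before and after adding the route."""
    cfg = SITES[site]
    probe = str(ipaddress.ip_network(cfg["remote_lan"])[10])  # constructed probe host
    without = next_hop(site, probe, with_static_route=False)
    with_route = next_hop(site, probe, with_static_route=True)
    return {
        "probe": probe,
        "without_route": without,                 # leaks toward the ISP, tunnel never used
        "with_route": with_route,                 # handed to pfSense, enters the tunnel
        "reaches_pfsense": with_route == cfg["pfsense_wan"],
    }


if __name__ == "__main__":
    for name in SITES:
        print(name, check_site(name))
```

The same check maps onto the traceroute XIII suggests later in the thread: from a LAN host, the first hop should be the default gateway and the second hop the local pfSense WAN address; if the second hop is the ISP instead, the static route on the gateway is missing or has the wrong next hop.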

                      This is covered in more depth in the book.

                      Ilikethisdevice:

                        Still nothing.

                        I added the rules on the WAN interface and I still see no activity.

                        XIII:

                          This is done on the device that is the default gateway, not pfSense.

                          If you made the change at this device, then see what the IPsec logs say.

                          Ilikethisdevice:

                            Still no dice. Are these devices flaky when they are running virtually?

                            XIII:

                              There are quite a few people running pfSense in a VM (I don't).
                              I would suggest doing a traceroute and looking at the logs on all systems (default gateway, pfSense), as it sounds like the route is not being forwarded/routed to the pfSense system, but the VPN is up.

                              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.