Netgate Discussion Forum
    Looking for help on installation. Will make a guide afterwards.

      XIII

      Well all of the IPSec setups I have done, Req. 2 worked by default, though I had the auto config of VPN rules option enabled.

      What do the logs say? Under Status>System Logs>IPSec VPN

      -Chris Stutzman
      Sys0:2.0.1: AMD Sempron 140 @2.7 1024M RAM 100GHD
      Sys1:2.0.1: Intel P4 @2.66 1024M RAM 40GHD
      freedns.afraid.org - Free DNS dynamic DNS subdomain and domain hosting.
      Check out the pfSense Wiki

        Ilikethisdevice

        I am not there yet. I need help on the static routes for this scenario first.

        But so far the Colo device says:

        Nov 21 03:56:22 racoon: [Self]: INFO: <device WAN address>[500] used as isakmp port (fd=15)
        Nov 21 03:56:22 racoon: [Self]: INFO: 1<device LAN address>[500] used as isakmp port (fd=14)
        Nov 21 03:56:22 racoon: [Self]: INFO: 127.0.0.1[500] used as isakmp port (fd=13)
        Nov 21 03:56:22 racoon: [Self]: INFO: 192.168.5.1 (not sure where this is coming from)[500] used as isakmp port (fd=12)
        Nov 21 03:56:22 racoon: INFO: unsupported PF_KEY message REGISTER

        And here are the Main Site logs:

        Nov 20 08:49:14 racoon: [Self]: INFO: <device WAN address>[500] used as isakmp port (fd=15)
        Nov 20 08:49:14 racoon: [Self]: INFO: 1<device LAN address>[500] used as isakmp port (fd=14)
        Nov 20 08:49:14 racoon: [Self]: INFO: 127.0.0.1[500] used as isakmp port (fd=13)
        Nov 20 08:49:14 racoon: INFO: unsupported PF_KEY message REGISTER

          XIII

          Why do you want static routes? Just because? It should route automatically via IP address (unless you access them via DNS); otherwise you go to System>Static Routes.
          For the entry it would be the device's DNS name and the IP of the device.


            Ilikethisdevice

            Even when the pfSense devices are not the default gateway? It was my understanding that there had to be static routes in place when they are not.

              XIII

              Yes that is true.

              You add it under System>Static Routes


                Ilikethisdevice

                What would those entries be in this scenario?

                  XIII

                  So at each location it's:
                  1: WAN -> Router (this is the WAN network) -> pfSense WAN -> pfSense LAN

                  You need to add a static route at the main router that points the network at the main site for the colo to the pfSense box.

                  COLO
                  Destination Network: 192.168.1.0/24
                  Gateway: 172.32.128.236
                  Main Site
                  Destination Network: 192.168.2.0/24
                  Gateway: 100.192.224.248


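As an added illustration (not code from this thread or from pfSense) of why the static route has to live on the site's default gateway: a longest-prefix-match model of that gateway's routing table at each site, using the destination networks and pfSense gateway addresses from the post above; which pfSense WAN belongs to which site is assumed from the order given there, and the ISP next hop and probe hosts are constructed placeholders.

```python
import ipaddress

# Addresses taken from the post above; the COLO/Main Site assignment of the
# two pfSense WAN addresses is assumed from the order they appear there.
COLO_PFSENSE_GW = "172.32.128.236"
MAIN_PFSENSE_GW = "100.192.224.248"
ISP_NEXT_HOP = "203.0.113.1"  # constructed placeholder for the upstream hop

SITES = {
    # site: (local LAN, remote LAN, pfSense WAN address used as gateway)
    "colo": ("192.168.2.0/24", "192.168.1.0/24", COLO_PFSENSE_GW),
    "main": ("192.168.1.0/24", "192.168.2.0/24", MAIN_PFSENSE_GW),
}


def gateway_routes(site, with_static_route):
    """Routing table of the site's default-gateway router (not pfSense)."""
    local_lan, remote_lan, pfsense_gw = SITES[site]
    routes = [
        ("0.0.0.0/0", ISP_NEXT_HOP),  # everything else goes to the ISP
        (local_lan, "connected"),     # the site's own LAN is directly attached
    ]
    if with_static_route:
        # The entry from the thread: remote LAN -> this site's pfSense box
        routes.append((remote_lan, pfsense_gw))
    return routes


def next_hop(routes, dst):
    """Longest-prefix match over (prefix, next_hop) tuples; None if no match."""
    addr = ipaddress.ip_address(dst)
    best = None
    for prefix, hop in routes:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, hop)
    return best[1] if best else None


def reaches_tunnel(site, dst, with_static_route):
    """True only if the gateway hands traffic for dst to this site's pfSense."""
    hop = next_hop(gateway_routes(site, with_static_route), dst)
    return hop == SITES[site][2]


if __name__ == "__main__":
    # Constructed probe hosts, one on each remote LAN
    for site, host in (("colo", "192.168.1.10"), ("main", "192.168.2.10")):
        for flag in (False, True):
            hop = next_hop(gateway_routes(site, flag), host)
            print(f"{site}: static route={flag}: {host} -> {hop}")
```

Without the entry, traffic for the remote LAN follows the default route to the ISP and pfSense never sees it, which is why the tunnel can be up while nothing crosses it.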
                    XIII

                    This is covered in more depth in the book.


                      Ilikethisdevice

                      Still nothing.

                      I added the rules on the WAN interface and I still see no activity.

                        XIII

                        This is done on the device that is the default gateway, not pfSense.

                        If you made the change at this device then see what the IPSec logs say.


                          Ilikethisdevice

                          Still no dice. Are these devices flaky when they are running virtually?

                            XIII

                            There are quite a few people running pfSense in a VM (I don't).
                            I would suggest doing a traceroute and looking at the logs on all systems (default gateway, pfSense), as it sounds like the route is not being forwarded/routed to the pfSense system, but the VPN is up.


                            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.