Please add compression support for ipsec $200
-
@mxx:
Tried with shrewsoft?
Yes, it is successfully negotiate with both ipcomp turned on and off but only if pfSense acts as a server for Mobile Client. I did not manage to make shresoft client to work with pfSense in site-to-site tunnel mode.
-
Hi,
this is great news. If you've gotten this far, I'm sure you'll succeed with the remaining site-to-site mode as well ;)
-
@mxx:
Hi,
this is great news. If you've gotten this far, I'm sure you'll succeed with the remaining site-to-site mode as well ;)
Hi,
I am afraid it's not about me, it is about shrewsoft client - it just does not want to negotiate in site-to-site mode and to be honest I do not see how it is expected to work using threwsoft client. You install it on your PC and vpn into the office, that works.
As far as I understand you use other software/equipment, why don't we return to your set up? -
Hi,
thanks for your reply.
I'm using several Lancom 1811 VPN gateways to build site-to-site tunnels with a central pfsense box.
This of course is a setup you can't test as long as you don't have such a device.Is there no way to verify if a tunnel between 2 pfsense boxes is actually effectively using ipcomp?
If that works, it will work with the Lancoms too.. -
Or do you have any other hardware vpn gateway which you could use for testing?
When I setup ipcomp (using deflate) on the Lancoms, they won't connect if the other side isn't using it. -
@mxx:
Is there no way to verify if a tunnel between 2 pfsense boxes is actually effectively using ipcomp?
If that works, it will work with the Lancoms too..I have configuration that allows two pfSense boxes to set up tunnel with ipcomp in SPDs but I do not know a method to prove that ipcomp is actually 'in use' when passing traffic as I do not see any compression.
-
@mxx:
Or do you have any other hardware vpn gateway which you could use for testing?
When I setup ipcomp (using deflate) on the Lancoms, they won't connect if the other side isn't using it.We can try to configure pfSense in the way I did and if it works with Lancoms then we can think about adding this feature to GUI.
-
Okay, good idea.
How would we do this? -
@mxx:
Okay, good idea.
How would we do this?Now I am busy at work but I'll pm you later and we'll agree on when and how.
-
Ok, being busy too, won't be able to do the test until tomorrow