Netgate Discussion Forum
    IPSec VPN stops working completely if multiple connection made from same site

    IPsec
    4 Posts 3 Posters 3.8k Views
    Aziz

      Hi,
      I have successfully set up the IPsec VPN and got it working. When I try the mobile client VPN from home (using Shrew) it works. But if I try from two different computers at my home it stops working for both (even though the tunnel is up, it can't route any traffic), even though they are using different identifiers. Even if I disconnect both computers and only try one, that one doesn't work at all until I reboot pfSense at my workplace (removing the state pertaining to the VPN connection doesn't work, it just keeps coming back).

      Is this a bug, or is meant to be like this? How can I get around this?

      I will have 5 people connecting with the mobile client VPN from the same site to our company pfSense machine. I'm using pfSense 2.0 RC1.


    jimp (Rebel Alliance Developer, Netgate)

        Do you have NAT-T forced on the clients? It may be that they're all trying to use udp/500 and ESP, and the router you are behind at the other location isn't handling that well.

        A reboot shouldn't be needed, you can just restart the racoon process under Status > Services.

        If you have more than one mobile client at a given site, a site-to-site tunnel would be better than multiple mobile clients.

        Failing that, ditch IPsec and use OpenVPN remote access clients. They don't have any of the clunky limitations of IPsec.

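        An added illustration of the point in jimp's reply above (this is editor-added example code, not anything from the thread or from pfSense itself): a toy model of a home NAT router with two IPsec clients behind it talking to one pfSense peer. The NAT is assumed to be a plain port-translating NAT with no ESP/SPI tracking, which is the common case for consumer routers. Native ESP (IP protocol 50) carries no transport port, so the router has only (protocol, peer) to key the reverse mapping on and the second client's mapping overwrites the first; with NAT-T forced, ESP rides inside UDP/4500 and each client gets its own external source port. All addresses are constructed documentation ranges.

```python
# Added example, not code from the forum thread or from pfSense.
# Toy NAT model showing why two IPsec clients behind one home router break each
# other with native ESP but coexist when ESP is UDP-encapsulated (NAT-T).

from dataclasses import dataclass, field

ESP = 50            # IP protocol number for ESP (no transport ports)
UDP = 17
NAT_T_PORT = 4500   # UDP port used by IPsec NAT traversal

# Constructed addresses used only for this illustration.
WAN_IP = "203.0.113.7"       # home router's public address (TEST-NET-3)
PEER_IP = "198.51.100.20"    # the company pfSense box (TEST-NET-2)
CLIENTS = ["192.168.1.10", "192.168.1.11"]   # two laptops at the same home


@dataclass
class ToyNat:
    """A port-translating NAT with no ESP/SPI awareness (assumed home router)."""
    wan_ip: str
    next_port: int = 40000
    # Reverse table: (proto, external port, peer ip, peer port) -> (inside ip, inside port)
    table: dict = field(default_factory=dict)

    def outbound(self, proto, src_ip, src_port, dst_ip, dst_port):
        """Translate an outbound packet; return the external (ip, port) the peer sees."""
        if proto == UDP:
            ext_port = self.next_port      # a fresh external port per inside flow
            self.next_port += 1
        else:
            # ESP has no port, so the only reverse key available is (proto, peer).
            # A second inside host to the same peer silently replaces the first entry.
            ext_port = None
        self.table[(proto, ext_port, dst_ip, dst_port)] = (src_ip, src_port)
        return self.wan_ip, ext_port

    def inbound(self, proto, src_ip, src_port, dst_port):
        """Return the inside (ip, port) a packet from the peer is delivered to, or None."""
        return self.table.get((proto, dst_port, src_ip, src_port))


def simulate(nat_t: bool) -> dict:
    """Bring up both clients, then send one reply per client SA from the peer.

    Returns {inside_ip: True/False}: True means the peer's traffic for that
    client's SA actually lands on that client. Traffic landing on the wrong host
    is dropped there (unknown SPI), which is what "tunnel up, no traffic" looks like.
    """
    nat = ToyNat(WAN_IP)
    external = {}
    for ip in CLIENTS:
        if nat_t:
            external[ip] = nat.outbound(UDP, ip, NAT_T_PORT, PEER_IP, NAT_T_PORT)
        else:
            external[ip] = nat.outbound(ESP, ip, None, PEER_IP, None)

    reached = {}
    for ip in CLIENTS:
        _, ext_port = external[ip]
        if nat_t:
            delivered = nat.inbound(UDP, PEER_IP, NAT_T_PORT, ext_port)
        else:
            delivered = nat.inbound(ESP, PEER_IP, None, ext_port)
        reached[ip] = delivered is not None and delivered[0] == ip
    return reached


if __name__ == "__main__":
    print("native ESP:", simulate(nat_t=False))   # first client loses its mapping
    print("NAT-T     :", simulate(nat_t=True))    # both clients keep working
```

        With `nat_t=False` the first client's reverse entry is overwritten as soon as the second one connects, so only the last client to connect gets return traffic; with `nat_t=True` both keep distinct UDP/4500 mappings. This is the behaviour to check for when several Shrew clients share one upstream router, and why forcing NAT-T on the clients is the first thing to try before switching to OpenVPN.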
          Aziz

          In Shrew VPN I have NAT traversal set to enable, not force. I can't set up a site-to-site VPN, as the other location the mobile clients are based in is not managed by us. I think I will give OpenVPN a try. Thanks.


            spiritbreaker

            Hi,

            I got the same issue with multiple connections from one site in PSK mode.

            You create multiple users with pre-shared keys, right? You use different user profiles for the connections, right?

            Racoon doesn't create a new SA when the second user connects. So no traffic passes the tunnel.

            This worked for me:

            Switch to Mutual PSK + Xauth in phase 1.

            Users are prompted for a password then, but it works fine.

            cya

            pfSense running at 11 locations
            - mobile OpenVPN and IPsec
            - multi-WAN failover
            - filtering proxy (SquidGuard) in bridge mode with ntop monitoring

            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.