Netgate Discussion Forum

    Pfsense 2.0 <--> 2.01 IPsec VPN

    • zounder1

      I'm currently struggling to get a PFsense 2.0 <--> 2.01 IPsec vpn going.

      I am new with PFsense but have extensive experience with IPsec VPNs so I am quite comfortable with setup.

      So here goes:
      Box1 PFsense 2.0
      Box2 PFsense 2.01

      Box1 is configured for two VPNs.
      VPN1 -->  Dedicated vpn with an IPcop box.  This connection works perfectly
      VPN2 -->  Trying to connect Box1 and Box2.

      Box2 is configured for one VPN
      VPN1  --> Trying to connect Box1 and Box2

      I have read in some posts to add an entry in the Firewall--IPSec section, but I really question why I should have to do that manually.  The VPN created between Box1:PFsense--IPCop has no entries in the Firewall-IPSec section and things work perfectly fine there.  (Pinging between the two networks is fine.)  So why should I need to create a manual entry in one instance and not in another?  It would appear that IPsec created an appropriate firewall rule with the IPcop VPN.

      So, before I get into any more details, I would like to ask.  Is anyone running an IPsec VPN tunnel between PFsense 2.0 and 2.01?  I just want to check and see if this is possibly simply a version problem.

      I ask as the settings seem to be perfect for the setup.  The VPN even says it is up, but simple pinging between the two networks does not work.

      • maldex

        Does only pinging or also TCP/UDP work? (Sorry, I had quite a hard time with ICMP at first and always also check telnetting s/t.)

        Did you maybe upgrade the Box1 <-> IPcop configuration from a 2Beta and create the Box1 <-> Box2 on 2.0? I might have seen the same between 2.0 and 2.0 a while ago, but we just redid this particular installation fresh with 2.01. So can't entirely confirm.

        On the other hand I really appreciate this feature :). Is this then a problem for you or are you just wondering?

        cheers
        Josh

        • cmb

          The IPsec rules control what traffic is permitted inbound from the VPN, it's always required if you want to permit any traffic in over the VPN.

          • zounder1

            @cmb:

            The IPsec rules control what traffic is permitted inbound from the VPN, it's always required if you want to permit any traffic in over the VPN.

            Thank you.  That helped.  I was perplexed as my VPN pfSense <--> IPCop* was working from the pfSense network to the IPCop network.  (And that is the direction of most traffic) But when I checked the network from IPcop to pfSense it was not working.

            I added some IPSec firewall rules in pfSense and things started working fine!

            Thanks again.

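The asymmetry resolved in this thread (tunnel up, LAN-initiated traffic works, traffic initiated from the remote side is dropped until an IPsec rule exists) can be reproduced with a small model of stateful, per-interface, default-deny filtering. This is an added example, not code from the thread or from pfSense; the subnets, the class and the "LAN to any" rule are assumptions, and states are keyed on address pairs only, where a real filter also tracks protocol and ports.

```python
from ipaddress import ip_address, ip_network

# Constructed sample networks (not taken from the thread).
LAN_NET = ip_network("192.168.1.0/24")     # network behind the local firewall
REMOTE_NET = ip_network("192.168.2.0/24")  # network behind the VPN peer


class Firewall:
    """Toy model: rules are evaluated on the interface a packet arrives on."""

    def __init__(self):
        self.rules = {"lan": [], "ipsec": []}  # pass rules per ingress interface
        self.states = set()                    # flows already permitted

    def allow(self, iface, src_net, dst_net):
        self.rules[iface].append((src_net, dst_net))

    def inbound(self, iface, src, dst):
        src, dst = ip_address(src), ip_address(dst)
        # Packets belonging to an existing flow (either direction) bypass the rules.
        if (src, dst) in self.states or (dst, src) in self.states:
            return "pass (state)"
        for src_net, dst_net in self.rules[iface]:
            if src in src_net and dst in dst_net:
                self.states.add((src, dst))
                return "pass (rule)"
        return "block (default deny)"


def scenario():
    fw = Firewall()
    # Assumption: the LAN tab carries an allow "LAN net to any" rule.
    fw.allow("lan", LAN_NET, ip_network("0.0.0.0/0"))
    results = [
        fw.inbound("lan", "192.168.1.10", "192.168.2.20"),    # LAN host pings remote
        fw.inbound("ipsec", "192.168.2.20", "192.168.1.10"),  # echo reply from tunnel
        fw.inbound("ipsec", "192.168.2.30", "192.168.1.10"),  # remote host initiates
    ]
    # The fix from the thread: a pass rule on the IPsec interface.
    fw.allow("ipsec", REMOTE_NET, LAN_NET)
    results.append(fw.inbound("ipsec", "192.168.2.30", "192.168.1.10"))
    return results


if __name__ == "__main__":
    for line in scenario():
        print(line)
```

A scoped rule such as remote subnet to local subnet, as modelled here, keeps the inbound policy narrower than a blanket allow on the IPsec interface.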
            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.