PFsesne is behind ISP ADSL modem
-
Typically consumer ADSL routers won't do what you're proposing. 'Bridge' mode usually means that the router uses the same IP address on the LAN interface as it gets from the ISP, so if you have (e.g.) a /29 subnet allocation from the ISP you will get x.y.z.1 =router x.y.z.2-6 for your use, and you can dole out those addresses via DHCP.
I have only ever seen the Draytek Vigor 120 which is a true 'bridge' - in effect a PPPoE / PPPoA media converter.
Have you looked at port-forwarding / DMZ options on your 'modem'? You don't necessarily need your pfSense WAN interface to be 'public' so long as the public traffic will reach it.
-
Closeau, i've that setup in one of our offices which works charm. but, this one i have tried to put ADSL modem in bridge mode, it's still in bridge mode by the way and PFsense doesn't get IP through DHCP. But it gets LAN IP if i enable dhcp on modem.
Jonallport, DMZ is on at the moment, PFsense deals with port forwarding and PFsense has a private IP which is on diff subnet from LAN IP. in this case, VPN is temperamental.
Let me know if you need more info. cheers -
-
It connects occasionally and disconnects automatically or It shows as connected at one end and disconnected at other end. cheers
-
Are both ends pfSense?
Do the settings match (!)? -
Yes, both ends PFsense and settings do match. thanks
-
Phase 1 proposal checking is set to?
-
see attached
-
Have you tried proposal checking=obey?
-
haven' tried it. thing is if I enable IPSec VPN and keep trying, the users cant use IPsec clients. so i have to do it out of ours. if it is up n running, they don't need IPsec clients. cheers