Netgate Discussion Forum
    IPSec + OpenVPN client

    • Hugovsky

      Maybe I'm doing something wrong. I can use IPSec and can connect to pfsense from outside. If I enable one OpenVPN client in pfsense, IPSec doesn't connect anymore. Can't both be used at the same time?

      PFsense 2.2.2 with 4GB
      Intel Nics

      Jun 1 21:35:25 	charon: 16[JOB] <4> deleting half open IKE_SA after timeout
      Jun 1 21:35:08 	charon: 11[JOB] <3> deleting half open IKE_SA after timeout
      Jun 1 21:35:07 	charon: 03[IKE] <4> looking for a route to xx.xx.xx.xx ...
      Jun 1 21:35:07 	charon: 03[IKE] <4> looking for a route to xx.xx.xx.xx ...
      Jun 1 21:35:07 	charon: 03[IKE] <4> old path is not available anymore, try to find another
      Jun 1 21:35:07 	charon: 03[IKE] <4> old path is not available anymore, try to find another
      Jun 1 21:35:07 	charon: 03[IKE] <3> looking for a route to xx.xx.xx.xx ...
      Jun 1 21:35:07 	charon: 03[IKE] <3> looking for a route to xx.xx.xx.xx ...
      Jun 1 21:35:07 	charon: 03[IKE] <3> old path is not available anymore, try to find another
      Jun 1 21:35:07 	charon: 03[IKE] <3> old path is not available anymore, try to find another
      Jun 1 21:35:07 	charon: 13[KNL] interface ovpnc1 activated
      Jun 1 21:35:05 	charon: 13[NET] <4> sending packet: from xx.xx.xx.xx[500] to xx.xx.xx.xx[500] (180 bytes)
      Jun 1 21:35:05 	charon: 13[IKE] <4> received retransmit of request with ID 0, retransmitting response
      Jun 1 21:35:05 	charon: 13[IKE] <4> received retransmit of request with ID 0, retransmitting response
      Jun 1 21:35:05 	charon: 13[NET] <4> received packet: from xx.xx.xx.xx[500] to xx.xx.xx.xx[500] (668 bytes)
      Jun 1 21:35:01 	charon: 12[NET] <4> sending packet: from xx.xx.xx.xx[500] to xx.xx.xx.xx[500] (180 bytes)
      Jun 1 21:35:01 	charon: 12[IKE] <4> received retransmit of request with ID 0, retransmitting response
      Jun 1 21:35:01 	charon: 12[IKE] <4> received retransmit of request with ID 0, retransmitting response
      Jun 1 21:35:01 	charon: 12[NET] <4> received packet: from xx.xx.xx.xx[500] to xx.xx.xx.xx[500] (668 bytes)
      Jun 1 21:34:58 	charon: 12[NET] <4> sending packet: from xx.xx.xx.xx[500] to xx.xx.xx.xx[500] (180 bytes)
      Jun 1 21:34:58 	charon: 12[IKE] <4> received retransmit of request with ID 0, retransmitting response
      Jun 1 21:34:58 	charon: 12[IKE] <4> received retransmit of request with ID 0, retransmitting response
      Jun 1 21:34:58 	charon: 12[NET] <4> received packet: from xx.xx.xx.xx[500] to xx.xx.xx.xx[500] (668 bytes)
      Jun 1 21:34:55 	charon: 12[NET] <4> sending packet: from xx.xx.xx.xx[500] to xx.xx.xx.xx[500] (180 bytes)
      Jun 1 21:34:55 	charon: 12[ENC] <4> generating ID_PROT response 0 [ SA V V V V V ]
      Jun 1 21:34:55 	charon: 12[IKE] <4> xx.xx.xx.xx is initiating a Main Mode IKE_SA
      
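The sequence in the log above (ovpnc1 activated, then "old path is not available anymore", then the half open IKE_SA deleted after timeout) can be picked out of a charon log automatically. The following is an added example, not part of the original posts: the sample lines are constructed in the same format, and the function names and the 5-second correlation window are assumptions.

```python
import re
from datetime import datetime

# Constructed sample in the format of the log above (newest first, addresses masked).
SAMPLE_LOG = """\
Jun 1 21:35:25 charon: 16[JOB] <4> deleting half open IKE_SA after timeout
Jun 1 21:35:07 charon: 03[IKE] <4> old path is not available anymore, try to find another
Jun 1 21:35:07 charon: 13[KNL] interface ovpnc1 activated
Jun 1 21:35:05 charon: 13[IKE] <4> received retransmit of request with ID 0, retransmitting response
Jun 1 21:34:55 charon: 12[IKE] <4> xx.xx.xx.xx is initiating a Main Mode IKE_SA
Jun 1 21:30:02 charon: 09[JOB] <2> deleting half open IKE_SA after timeout
"""

LINE = re.compile(r"^(\w{3} \d+ [\d:]{8}) charon: \d+\[(\w+)\] (?:<(\d+)> )?(.*)$")
IFACE_UP = re.compile(r"^interface (\S+) activated$")

def parse(text):
    """Return (time, subsystem, sa_id, message) tuples, oldest first."""
    # Collapse tabs/double spaces so the pattern sees single spaces only.
    matches = (LINE.match(" ".join(raw.split())) for raw in text.splitlines())
    # syslog omits the year; 2000 is an assumed placeholder so strptime has one.
    events = [(datetime.strptime("2000 " + m[1], "%Y %b %d %H:%M:%S"), m[2], m[3], m[4])
              for m in matches if m]
    events.reverse()                 # input is newest first
    events.sort(key=lambda e: e[0])  # stable: same-second lines keep their order
    return events

def stalled_after_interface_up(text, window=5):
    """IKE_SAs that lost their path within `window` s of an interface coming up
    and were later deleted half open: (sa_id, interface, seconds_to_timeout)."""
    last_up = None   # (interface, time) of the most recent activation
    path_lost = {}   # sa_id -> (interface, time the path was lost)
    flagged = []
    for ts, subsystem, sa, msg in parse(text):
        up = IFACE_UP.match(msg) if subsystem == "KNL" else None
        if up:
            last_up = (up[1], ts)
        elif sa and msg.startswith("old path is not available") and last_up:
            if 0 <= (ts - last_up[1]).total_seconds() <= window:
                path_lost.setdefault(sa, (last_up[0], ts))
        elif sa and msg.startswith("deleting half open IKE_SA") and sa in path_lost:
            iface, lost_at = path_lost.pop(sa)
            flagged.append((sa, iface, int((ts - lost_at).total_seconds())))
    return flagged

if __name__ == "__main__":
    for sa, iface, secs in stalled_after_interface_up(SAMPLE_LOG):
        print(f"IKE_SA <{sa}>: path lost after {iface} came up, deleted half open {secs}s later")
```

On the constructed sample only IKE_SA 4 is reported; IKE_SA 2 also timed out half open but is not tied to an interface change, so it is left out.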
      • doktornotor (Banned)

        @Hugovsky:

        Can't both be used at the same time?

        No. https://doc.pfsense.org/index.php/OpenVPN_Site_To_Site

        Any IPSec tunnel that references the same pair of subnets configured for use in OpenVPN must be disabled. IPSec and OpenVPN do not conflict otherwise.

        • Hugovsky

          damn… thanks.  ;)

          • Hugovsky

            Well… I've been trying to find a way for this configuration:

            • 1 ipsec server
            • 1 openvpn client

            Only solution I see is to use openvpn only, right?
