IPSEC using VIP Alias (PPPoE) - PFSense 2.1
-
Hi guys,
Using pfSense 2.1. I'm having trouble getting IPSEC to work using a virtual IP Alias given by our ISP.
I currently have an IPSEC link working using the standard WAN (PPPoE).
I also know that the VIP Alias can work because if I set up a 1:1 nat mapping to another ip on my network it works correctly.
When configuring the IPSEC link in the GUI I am selecting the VIP as the interface - all other settings are equivalent and working on the standard WAN interface.
When I attempt to start the IPSEC connection it gives me the following errors:
racoon: ERROR: phase1 negotiation failed due to send error
and then tells me there is no phase1 connection, etc.
Has anyone got a VIP Alias to work with IPSEC?
I think it's the same as this unresolved post:
https://forum.pfsense.org/index.php?topic=36662.0
And this mailing list guy eventually gave up
http://lists.pfsense.org/pipermail/list/2012-July/002677.html -
The only way I got it to work was to:
- Set up one pfSense gateway to connect to the internet via PPPoE
- Set up another pfSense as an IPSEC initiator and set up the IPSEC connection.
- Box (1) is my default gateway to the internet
- I route all traffic from (2) to (1) so that IPSEC box can route outwards to establish the IPSEC connection
- I set up a customer route from (1) to (2) for any traffic going to the remote site.
PM me if you want more details.