Traffic Selector unacceptable.
-
@mirtiza
You have incorrectly configured tunnel parameters on the pfSense side.
You set up a tunnel for the Road Warriors (Mobile IPsec), and you need to configure the site-to-site: https://docs.netgate.com/pfsense/en/latest/book/ipsec/site-to-site.html
-
Yeah, I don't have static IP on both sides.
Site A has static IP and Site IP has dynamic WAN IP; as per my understanding, site-to-site configuration is for the case when both sides have static IP.
Please correct me if I am wrong.
-
This is the network I want to establish.
-
@mirtiza
OpenVPN
-
Okay, but there is a guide for Digi Transport cellular routers to do this.
They say it's possible; I don't know if you can have a look. I am sharing the PDF as well.
http://ftp1.digi.com/support/documentation/AN_027_Configure_an_IPSEC_VPN.pdf
Thank you.
-
@mirtiza Theoretically, this is possible to configure using pfSense (strongSwan). I need to think.
-
@Konstanti Thank you so much for your time. Please take your time; I will be waiting for you. As per my understanding, Road Warrior style VPN is for clients with dynamic IP, which matches my case.
-
No. You need to use a site-to-site to route tunnel networks like you are trying to do. Mobile IPsec assigns one and only one address to a connecting client. It doesn't "route" subnets like a site-to-site tunnel.
You need to work around dynamic IP addresses with something like dynamic DNS for each endpoint.
Nothing you come up with there will be perfect. Especially if the addresses simply change abruptly.
Set each side to update a Dynamic DNS entry pointing to their actual, routable, outside WAN address.
Tell each side to connect to the FQDN of the DynDNS entry on the other side.
Set each side to use their own FQDN as the IKE identifier locally, and the other side's FQDN as the remote identifier.
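
The steps in the reply above, written out as a plain strongSwan `swanctl.conf` for Site A (an added example, not from the thread and not pfSense's generated configuration). The hostnames, LAN subnets, connection names and secret are constructed placeholders; the child section uses whole-subnet selectors that the other side mirrors.

```conf
# Constructed example: hostnames, subnets and secret are placeholders.
# ---- Site A ----
connections {
    to-site-b {
        version = 2
        # Connect to the peer's Dynamic DNS name instead of a fixed IP
        remote_addrs = siteb.dyndns.example
        local {
            auth = psk
            # Own FQDN as the local IKE identifier
            id = sitea.dyndns.example
        }
        remote {
            auth = psk
            # Peer's FQDN as the remote IKE identifier
            id = siteb.dyndns.example
        }
        children {
            lan-to-lan {
                # Site-to-site selectors: whole subnets, mirrored on the peer
                local_ts = 192.168.10.0/24
                remote_ts = 192.168.20.0/24
                # Bring the tunnel up when matching traffic appears
                start_action = trap
            }
        }
    }
}
secrets {
    ike-s2s {
        id-a = sitea.dyndns.example
        id-b = siteb.dyndns.example
        secret = "REPLACE_WITH_SHARED_SECRET"
    }
}
# ---- Site B mirrors this file ----
#   remote_addrs = sitea.dyndns.example
#   local id     = siteb.dyndns.example, remote id = sitea.dyndns.example
#   local_ts     = 192.168.20.0/24,      remote_ts = 192.168.10.0/24
#   secrets section unchanged
```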