Netgate Discussion Forum

    IPSec lan-to-lan with PfSense and MikroTik - Not working!!!

    Category: IPsec
    4 Posts, 3 Posters, 3.3k Views
    • Riccardo90

      Hello,
      I have some trouble configuring a working IPsec connection between my pfSense and a MikroTik router/firewall.

      I have the public static IP configured on the pfSense WAN port, and a private IP configured on the WAN of the MikroTik because it is behind a NAT.

      I tried to bring up the tunnel using the configuration attached to this post, but it doesn't work.

      Can someone give me (and the community) some help to make it work and be stable?

      Thank you,
      Regards

      Riccardo
      Attachments:
      • PfSense P1.png
      • PfSense P2.png
      • MKT_Peer.png
      • MKT_Policy.png
      • MKT_Proposal.png

      • Riccardo90

        No one has a solution for my issue with the IPsec connection?

        • doktornotor (Banned)

          Apparently not with the awesome "but it doesn't work." issue description… Guess why.

          • MaxHeadroom

            Hi,

            I know that MikroTik + pfSense is working.

            Is phase 1 OK? -> Yes, go to phase 2.
            Is phase 2 OK?

            From the MikroTik forum:
            When you want to make a direct IPsec tunnel between MikroTik routers you must make sure that you have an exception rule in your NAT table for traffic from the local to the remote network which says "accept" (before your general rule that says "masquerade" or "src-nat").
            When you do not do that, the router will mistakenly NAT the traffic before it puts it into the tunnel, and no communication will be possible.

            I used on phase 1:
            • Encryption algorithm: AES 256
            • Hash algorithm: SHA1
            • DH key group: 2 (1024)
            • Lifetime: 86400

            Phase 2:
            • Protocol: ESP
            • Encryption algorithms: AES (auto)
            • Hash algorithms: SHA1
            • PFS key group: 2 (1024)
            • Lifetime: 1800

            With other settings I ran into trouble.

            Regards,
            max
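The MikroTik side of what MaxHeadroom describes, written up as an added example (not configuration posted in the thread), in RouterOS 6.43+ syntax. The two LAN subnets, the WAN interface name, the pfSense public address and the PSK are placeholder assumptions; the algorithm values are the ones from the post (SHA1 and DH group 2 are what the thread reports working, not a recommendation where both ends support stronger groups), and AES-256-CBC is chosen for phase 2 since pfSense "auto" negotiates the key length.

```routeros
# Added example, not from the thread. Assumed LAN behind MikroTik: 192.168.10.0/24;
# LAN behind pfSense: 192.168.20.0/24; pfSense WAN: 203.0.113.10; MikroTik WAN: ether1-WAN.

# 1. NAT bypass must sit ABOVE the masquerade rule. Otherwise traffic for the remote
#    LAN is source-NATed first, no longer matches the IPsec policy, and never enters
#    the tunnel (the point of the quoted MikroTik forum advice).
/ip firewall nat
add chain=srcnat action=accept src-address=192.168.10.0/24 dst-address=192.168.20.0/24 \
    place-before=0 comment="IPsec bypass: do not NAT tunnel traffic"
add chain=srcnat action=masquerade out-interface=ether1-WAN comment="general masquerade"

# 2. Phase 1 (IKE), matching the post: AES-256, SHA1, DH group 2 (modp1024),
#    lifetime 86400 s = 1d. nat-traversal=yes because the MikroTik WAN is behind NAT.
/ip ipsec profile
add name=pfsense-p1 enc-algorithm=aes-256 hash-algorithm=sha1 dh-group=modp1024 \
    lifetime=1d nat-traversal=yes

# 3. Peer is the pfSense public IP; the MikroTik must initiate, since pfSense cannot
#    reach a private address behind NAT.
/ip ipsec peer
add name=pfsense address=203.0.113.10 profile=pfsense-p1 exchange-mode=main
/ip ipsec identity
add peer=pfsense auth-method=pre-shared-key secret="REPLACE-WITH-LONG-RANDOM-PSK"

# 4. Phase 2 (ESP), matching the post: AES-256-CBC, SHA1, PFS group 2, lifetime 1800 s = 30m.
/ip ipsec proposal
add name=pfsense-p2 enc-algorithms=aes-256-cbc auth-algorithms=sha1 pfs-group=modp1024 \
    lifetime=30m

# 5. Policy: tunnel mode between the two LANs using that proposal.
/ip ipsec policy
add peer=pfsense tunnel=yes src-address=192.168.10.0/24 dst-address=192.168.20.0/24 \
    proposal=pfsense-p2

# Checks, in the order MaxHeadroom suggests: phase 1 established, phase 2 SAs
# installed, and the bypass rule really listed before the masquerade rule.
/ip ipsec active-peers print
/ip ipsec installed-sa print
/ip firewall nat print
```

If active-peers shows the peer but installed-sa stays empty, the phase 2 proposal or the policy subnets do not match the pfSense phase 2; if the SAs exist but LAN hosts still cannot reach each other, check the NAT rule order first.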

            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.