Migrate from Openswan to pfsense
So I have a working IPsec VPN with Openswan which I would like to migrate to pfSense.
I kindly request help before doing the change of the configuration of pfSense in order to see if I'm missing something.
<phase1>
  <ikeid>3</ikeid>
  <iketype>ikev1</iketype>
  <mode>main</mode>
  <disabled/>
  <interface>wan</interface>
  <remote-gateway>4.4.4.4</remote-gateway>
  <protocol>inet</protocol>
  <myid_type>myaddress</myid_type>
  <myid_data/>
  <peerid_type>peeraddress</peerid_type>
  <peerid_data/>
  <encryption-algorithm>
    <name>3des</name>
  </encryption-algorithm>
  <hash-algorithm>md5</hash-algorithm>
  <dhgroup>2</dhgroup>
  <lifetime>86400</lifetime>
  <pre-shared-key>123456</pre-shared-key>
  <private-key/>
  <certref/>
  <caref/>
  <authentication_method>pre_shared_key</authentication_method>
  <nat_traversal>on</nat_traversal>
  <mobike>off</mobike>
  <dpd_delay>10</dpd_delay>
  <dpd_maxfail>5</dpd_maxfail>
</phase1>
Phase2
<phase2>
  <ikeid>3</ikeid>
  <uniqid>574ff5e64f3a5</uniqid>
  <mode>tunnel</mode>
  <disabled/>
  <reqid>6</reqid>
  <localid>
    <type>address</type>
    <address>8.8.8.8</address>
  </localid>
  <remoteid>
    <type>network</type>
    <address>7.7.7.7</address>
    <netbits>32</netbits>
  </remoteid>
  <protocol>esp</protocol>
  <encryption-algorithm-option>
    <name>aes</name>
    <keylen>auto</keylen>
  </encryption-algorithm-option>
  <encryption-algorithm-option>
    <name>3des</name>
  </encryption-algorithm-option>
  <hash-algorithm-option>hmac_sha1</hash-algorithm-option>
  <pfsgroup>0</pfsgroup>
  <lifetime>28800</lifetime>
</phase2>
<phase2>
  <ikeid>3</ikeid>
  <uniqid>57501f3318077</uniqid>
  <mode>tunnel</mode>
  <disabled/>
  <reqid>8</reqid>
  <localid>
    <type>address</type>
    <address>8.8.8.8</address>
  </localid>
  <remoteid>
    <type>network</type>
    <address>10.1.37.0</address>
    <netbits>25</netbits>
  </remoteid>
  <protocol>esp</protocol>
  <encryption-algorithm-option>
    <name>aes</name>
    <keylen>auto</keylen>
  </encryption-algorithm-option>
  <encryption-algorithm-option>
    <name>3des</name>
  </encryption-algorithm-option>
  <hash-algorithm-option>hmac_sha1</hash-algorithm-option>
  <pfsgroup>0</pfsgroup>
  <lifetime>28800</lifetime>
</phase2>
openswan configuration
conn IPsec1
    type=tunnel
    left=4.4.4.4
    leftid=4.4.4.4
    leftsubnets={ 10.1.37.0/25 7.7.7.7/32 }
    rightsubnet=8.8.8.8/32
    right=8.8.8.8
    rightid=8.8.8.8
    pfs=no
    authby=secret
    ikelifetime=24h
    dpddelay=10
    dpdtimeout=30
    dpdaction=restart_by_peer
    auto=start
    keyexchange=ike
Thanks
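Added example (not part of the original post, and not pfSense or Openswan code): a Python check that the pfSense phase 1/phase 2 XML and the Openswan conn above agree on peer, networks, lifetime and PFS, plus a flag for the legacy phase 1 settings. The inputs are constructed from the post's values and trimmed to the compared fields; treating `left` as the remote peer follows from the post's `remote-gateway`, and the 20-character key floor is an assumed threshold.

```python
import ipaddress
import re
import xml.etree.ElementTree as ET

# Constructed inputs: values copied from the post, trimmed to the compared fields.
PHASE1 = """<phase1><remote-gateway>4.4.4.4</remote-gateway>
<encryption-algorithm><name>3des</name></encryption-algorithm>
<hash-algorithm>md5</hash-algorithm><dhgroup>2</dhgroup>
<lifetime>86400</lifetime><pre-shared-key>123456</pre-shared-key></phase1>"""
P2 = ("<phase2><localid><type>address</type><address>8.8.8.8</address></localid>"
      "<remoteid><type>network</type><address>{}</address><netbits>{}</netbits>"
      "</remoteid><pfsgroup>0</pfsgroup></phase2>")
PHASE2 = "<ipsec>" + P2.format("7.7.7.7", 32) + P2.format("10.1.37.0", 25) + "</ipsec>"
CONN = ("left=4.4.4.4 leftsubnets={ 10.1.37.0/25 7.7.7.7/32 } "
        "rightsubnet=8.8.8.8/32 right=8.8.8.8 pfs=no ikelifetime=24h")

def parse_conn(text):
    """Split an Openswan conn body into key/value pairs, keeping {...} lists whole."""
    return dict(re.findall(r"(\w+)=(\{[^}]*\}|\S+)", text))

def conn_nets(value):
    return {ipaddress.ip_network(n) for n in value.strip("{} ").split()}

def pf_net(node):
    # pfSense IDs of type "address" carry no netbits, so treat them as /32.
    return ipaddress.ip_network(f"{node.findtext('address')}/{node.findtext('netbits') or 32}")

def compare(p1_xml, p2_xml, conn_text):
    """Return the conn keys whose pfSense counterpart differs (ikelifetime assumed in hours)."""
    conn, p1 = parse_conn(conn_text), ET.fromstring(p1_xml)
    p2s = ET.fromstring(p2_xml).findall("phase2")
    checks = {
        "left": p1.findtext("remote-gateway") == conn["left"],
        "leftsubnets": {pf_net(p.find("remoteid")) for p in p2s} == conn_nets(conn["leftsubnets"]),
        "rightsubnet": {pf_net(p.find("localid")) for p in p2s} == conn_nets(conn["rightsubnet"]),
        "ikelifetime": int(p1.findtext("lifetime")) == int(conn["ikelifetime"].rstrip("h")) * 3600,
        "pfs": all(p.findtext("pfsgroup") == "0" for p in p2s) == (conn["pfs"] == "no"),
    }
    return [key for key, ok in checks.items() if not ok]

def weak_phase1(p1_xml):
    """Flag legacy phase 1 choices; the 20-character PSK floor is an assumed threshold."""
    p1 = ET.fromstring(p1_xml)
    legacy = [("encryption-algorithm/name", "3des"), ("hash-algorithm", "md5"), ("dhgroup", "2")]
    found = [f"{path}={bad}" for path, bad in legacy if p1.findtext(path) == bad]
    if len(p1.findtext("pre-shared-key") or "") < 20:
        found.append("short pre-shared-key")
    return found
```

`compare(PHASE1, PHASE2, CONN)` returns an empty list when the two configurations agree on the compared fields; `weak_phase1(PHASE1)` lists the phase 1 values worth renegotiating with the peer during the migration.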