PF Sense as IPSec central gateway, more than 3 phase 2 entries –> no child SA's
mbrabetz last edited by
Hello everyone, I'm really new here and not really fit using PFSense.
At the moment I'm encountering the problem that our central PFSense doesn't want to allow an additional phase 2 entry in one of our IPSec site-to-site connections (1 branch office has to reach 4 other networks). When disabling one of the existing phase 2 entries and restarting the IPsec connection, the child SAs are created and working (without the disabled network). When activating "NAT - BINAT Translation" (because I have to hide this network when connecting to a customer of ours), the same problem is occurring.
Actually we are using:
built on Tue Sep 27 12:13:07 CDT 2016
Any ideas, remarks or questions are appreciated.