Netgate Discussion Forum

    Static to dynamic behind router and pfsense has class C

      harqobispal

      I have been messing with this for months trying to get it to work. IPsec tunnel between parent office with static IP. Remote is a residential high-speed router with changing external IP, and pfSense is behind this router. The pfSense behind this router gets a class C internal IP (192.168.x.x). The tunnel attempts to start but I see it blocking the class C IP on the pfSense firewall at the parent office (port 500 with the internal IP of the pfSense at the remote office). I am so burned out on trying to figure this out I finally gave up and wanted to ask the forums here. Any ideas? I also thank you in advance.

      Parent office STATIC IP >>> internet >>> Provider router with changing external IP >>> NAT to class C via provider router >>> pfSense WAN class C >>> pfSense remote internal network

      the tunnel needs to do this

      Parent office internal network >>> pfSense remote internal network

        harqobispal

        I have been searching and searching the posts. I will rephrase and ask this question. I also thank anyone that will reply and give me some kind of hint.

        Can you connect this setup via an IPsec tunnel?

        Main site - pfSense has external IP address, normal tunnel setup. Behind this are 2 class C IP address ranges connected to a 3550xl Cisco with routing turned on. The internal side of the pfSense is on a separate class C that is also connected to the 3550xl. The tunnel or tunnels need to route traffic from the 2 class C networks on the 3550xl through to the other side of the tunnel.

        Remote site - pfSense is behind a provider router (minimal changes can be done to this router); this router also has forced NAT. The pfSense has a class C WAN address (192.168). It also has class C internal addresses. The internal flat network needs to connect to the other networks at the main site via the tunnel(s).

        I have static routes on the main site pfSense so the 2 class C internal networks can reach the internet. The remote site works normally with the normal settings; however, I cannot get the tunnel to connect. I have done a test setup with 2 external IP addresses with the same hardware and the tunnel works.

        Can you tell me if it is possible to set up a tunnel at a remote site that is behind a router with NAT and the remote site pfSense has a class C WAN address?

        Here is an error from the logs from the main site.

        1 10. 009466 rule 33/0(match): block in on fxp1: (tos 0x0, ttl 64, id 11377, offset 0, flags [none], proto: UDP (17), length: 320) 192.1xxx.xxx.xxx > xxx.xxx.xxx.xxx: [|isakmp]

        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.