Problems with IPSEC to multiple branches



  • Hi,
    I hope you can help me with my problem:
    I replaced all the routers in my company with pfSense.
    The branches all have fixed IPs and are connected via IPsec to the headquarters.
    We have a 2 Mbit SDSL connection there. The branches all have ADSL connections with fixed IPs (PPPoE) and different bandwidths. The traffic is normally really low because they work on an AS/400 (like a telnet program).
    Here is the configuration of the different tunnels, which are the same except for the PSK:
    Interface: WAN
    Local Subnet: LAN subnet
    Remote Subnet: 192.168.x.0 /24
    Remote Gateway: Filiale WAN IP

    P1
    Mode: aggressive
    Identifier: My IP Address
    Encryption: Blowfish
    Hash: SHA1
    DH: 2
    Lifetime: 28800
    Auth: PSK

    P2
    Protocol: ESP
    Encryption: Blowfish
    Hash: SHA1
    PFS: 2
    Lifetime: 86400

    The hardware in the HQ is an Intel 2.4 GHz PC with 1 GB RAM and 2 NICs.
    The branches have embedded ALIX machines from PC Engines.
    The problem is that the connection in the branches often breaks. Normally they reconnect fast, but the telnet connections disconnect.
    Please ask me about the different logs you need to help me with this problem, because I don't know exactly what is relevant.
    After I installed the 4th branch, the PPTP server on the HQ stopped working.
    Any ideas? I redirect PPTP to my W2k3 server now.
    I noticed that some firewalls have no connection to the NTP server.
    Some do, some don't (cannot reach pool.ntp.org, e.g.). Can the different dates cause the connection problems (lifetime)?

    It would be great if someone could give me a hint or is interested in bringing up a solution for this problem.
    Best regards
    Patrick
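    As an added illustration (not Patrick's configuration file or pfSense code), here is a small Python linter that encodes the Phase 1 / Phase 2 settings posted above and flags the points a reviewer would raise; the cipher and DH-group thresholds are my own assumptions about sane defaults, not pfSense rules.

```python
# Added example: lint the IPsec Phase 1 / Phase 2 settings from the post above.
# The tunnel values are transcribed from the post; the thresholds are assumptions.
from dataclasses import dataclass


@dataclass
class IpsecTunnel:
    name: str
    p1_mode: str
    p1_auth: str
    p1_encryption: str
    p1_dh_group: int
    p1_lifetime: int   # seconds
    p2_encryption: str
    p2_pfs_group: int  # 0 means PFS disabled
    p2_lifetime: int   # seconds


WEAK_CIPHERS = {"blowfish", "des", "3des"}   # assumption: legacy ciphers to avoid
WEAK_DH_GROUPS = {1, 2, 5}                    # assumption: groups below 2048-bit MODP


def lint_tunnel(t: IpsecTunnel) -> list:
    """Return a list of findings; an empty list means nothing to flag."""
    findings = []
    if t.p1_mode.lower() == "aggressive" and t.p1_auth.lower() == "psk":
        findings.append("P1: aggressive mode with PSK exposes the identity hash; use main mode")
    if t.p2_lifetime >= t.p1_lifetime:
        findings.append(f"P2 lifetime {t.p2_lifetime}s is not shorter than P1 lifetime "
                        f"{t.p1_lifetime}s; Phase 2 should rekey under a live Phase 1")
    for phase, cipher in (("P1", t.p1_encryption), ("P2", t.p2_encryption)):
        if cipher.lower() in WEAK_CIPHERS:
            findings.append(f"{phase}: {cipher} is a legacy cipher; prefer AES")
    if t.p1_dh_group in WEAK_DH_GROUPS:
        findings.append(f"P1: DH group {t.p1_dh_group} is too small; use group 14 or higher")
    if t.p2_pfs_group == 0:
        findings.append("P2: PFS is disabled")
    elif t.p2_pfs_group in WEAK_DH_GROUPS:
        findings.append(f"P2: PFS group {t.p2_pfs_group} is too small; use group 14 or higher")
    return findings


# Constructed from the settings posted above (branch subnet and PSK omitted).
BRANCH_TUNNEL = IpsecTunnel(
    name="branch-example", p1_mode="aggressive", p1_auth="PSK", p1_encryption="Blowfish",
    p1_dh_group=2, p1_lifetime=28800, p2_encryption="Blowfish", p2_pfs_group=2, p2_lifetime=86400)

if __name__ == "__main__":
    for finding in lint_tunnel(BRANCH_TUNNEL):
        print(finding)
```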



  • Hi Patrick,
    Have you tried the bottom box to automatically ping host?



  • Yes, I did (ping to the remote gateway LAN address), but only from branch to HQ, because the branch has no full-time connection.

