    VPN site-to-site tunnel between VyOS and pfSense

    IPsec
cs9112

Hi, I would like to create a site-to-site VPN tunnel between VyOS and pfSense routers. When I created a configuration on both devices, the connection is established but the tunnel is not up. What should I change? I can ping from pfSense to VyOS and vice versa. VyOS IP: 192.168.2.1/24, pfSense IP: 192.168.2.33/24

Config VyOS

vpn {
    ipsec {
        esp-group ESP-1W {
            compression disable
            lifetime 1800
            mode tunnel
            pfs enable
            proposal 1 {
                encryption aes256
                hash sha1
            }
            proposal 2 {
                encryption 3des
                hash md5
            }
        }
        ike-group IKE-1W {
            ikev2-reauth no
            key-exchange ikev1
            lifetime 3600
            proposal 1 {
                encryption aes256
                hash sha1
            }
            proposal 2 {
                encryption aes128
                hash sha1
            }
        }
        ipsec-interfaces {
            interface eth1
        }
        site-to-site {
            peer 192.168.2.33 {
                authentication {
                    mode pre-shared-secret
                    pre-shared-secret test_key_1
                }
                connection-type initiate
                default-esp-group ESP-1W
                ike-group IKE-1W
                ikev2-reauth inherit
                local-address 192.168.2.1
                tunnel 1 {
                    allow-nat-networks disable
                    allow-public-networks disable
                    local {
                        prefix 192.168.40.0/24
                    }
                    remote {
                        prefix 192.168.60.0/24
                    }
                }
            }
        }
    }
}


      Config pfSense


barnettd

On the phase 2 config at pfSense, try specifying a network instead of LAN subnet.

mikee

You are not showing the phase 2 config you are using in pfSense, and that is what is failing.

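Both replies point at the same thing: the phase 2 traffic selectors on the pfSense side have to mirror the VyOS tunnel (pfSense "Local Network" = VyOS remote prefix, pfSense "Remote Network" = VyOS local prefix), and "LAN subnet" only does that if the pfSense LAN happens to be 192.168.60.0/24. The script below is an added example, not code from the thread, VyOS or pfSense: it parses the VyOS configuration excerpt from the original post with a small brace-block parser, checks a pfSense phase 2 entry against the tunnel, and also lists the legacy 3DES/MD5 proposal the posted ESP group still offers. The pfSense phase 2 entries, the way "LAN subnet" is modelled (resolved to a given subnet) and the LAN subnet 192.168.50.0/24 are constructed values for the demonstration.

```python
import ipaddress

# Excerpt of the VyOS config from the original post; the IKE group,
# ipsec-interfaces and authentication blocks play no part in selector matching.
VYOS_CONFIG = """
vpn {
    ipsec {
        esp-group ESP-1W {
            proposal 2 {
                encryption 3des
                hash md5
            }
        }
        site-to-site {
            peer 192.168.2.33 {
                tunnel 1 {
                    local {
                        prefix 192.168.40.0/24
                    }
                    remote {
                        prefix 192.168.60.0/24
                    }
                }
            }
        }
    }
}
"""
LEGACY_ALGOS = {"3des", "md5"}  # should not be offered in any proposal today

def parse_vyos(text):
    """Nest VyOS 'key value {' blocks into dicts; leaf lines become key -> value."""
    stack = [{}]                         # stack[0] is the root node
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line == "}":
            stack.pop()                  # close the current block
        elif line.endswith("{"):
            node = {}                    # block header keeps its full text as key
            stack[-1][line[:-1].strip()] = node
            stack.append(node)
        else:
            key, _, value = line.partition(" ")
            stack[-1][key] = value
    if len(stack) != 1:
        raise ValueError("unbalanced braces in VyOS config")
    return stack[0]

def vyos_tunnels(cfg):
    """One dict per tunnel: peer address, local and remote prefix."""
    out = []
    for pkey, peer in cfg["vpn"]["ipsec"]["site-to-site"].items():
        if not pkey.startswith("peer "):
            continue
        for tkey, tun in peer.items():
            if tkey.startswith("tunnel "):
                out.append({"peer": pkey.split()[1],
                            "local": tun["local"]["prefix"],
                            "remote": tun["remote"]["prefix"]})
    return out

def phase2_mismatches(tunnel, pf_p2, pf_lan_subnet):
    """pfSense 'Local Network' must equal the VyOS remote prefix and 'Remote
    Network' the VyOS local prefix. pf_p2 fields are ('lan', None) for the
    'LAN subnet' choice (resolved to pf_lan_subnet) or ('network', '<cidr>')."""
    def resolve(kind, value):
        return pf_lan_subnet if kind == "lan" else value
    net = lambda s: ipaddress.ip_network(s, strict=False)
    pf_local, pf_remote = resolve(*pf_p2["local"]), resolve(*pf_p2["remote"])
    problems = []
    if net(pf_local) != net(tunnel["remote"]):
        problems.append(f"pfSense local {pf_local} != VyOS remote {tunnel['remote']}")
    if net(pf_remote) != net(tunnel["local"]):
        problems.append(f"pfSense remote {pf_remote} != VyOS local {tunnel['local']}")
    return problems

def legacy_proposals(cfg):
    """(group, proposal, algorithm) for every legacy cipher or hash offered."""
    findings = []
    for gkey, group in cfg["vpn"]["ipsec"].items():
        if gkey.startswith(("esp-group ", "ike-group ")):
            for pkey, prop in group.items():
                if pkey.startswith("proposal "):
                    for algo in (prop.get("encryption"), prop.get("hash")):
                        if algo in LEGACY_ALGOS:
                            findings.append((gkey, pkey, algo))
    return findings

if __name__ == "__main__":
    cfg = parse_vyos(VYOS_CONFIG)
    tun = vyos_tunnels(cfg)[0]
    lan = "192.168.50.0/24"  # constructed pfSense LAN subnet for the demo
    # 'LAN subnet' as the pfSense local network (constructed): selectors differ.
    print(phase2_mismatches(tun, {"local": ("lan", None), "remote": ("network", "192.168.40.0/24")}, lan))
    # An explicit network, as barnettd suggests: empty list, selectors agree.
    print(phase2_mismatches(tun, {"local": ("network", "192.168.60.0/24"), "remote": ("network", "192.168.40.0/24")}, lan))
    print(legacy_proposals(cfg))
```

The first check reports one mismatch (the pfSense local network does not equal the VyOS remote prefix 192.168.60.0/24), the second reports none, and the proposal scan returns the 3DES and MD5 entries of ESP-1W proposal 2; the same selector comparison is what IKEv1 quick mode performs, so a mismatch there leaves phase 1 established and phase 2 down, exactly the symptom in the question.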