VPN site-to-site tunnel between VyOS and pfSense



  • Hi, I would like to create a site-to-site VPN tunnel between VyOS and pfSense routers. With the configuration I created on both devices, the connection is established but the tunnel does not come up. What should I change? I can ping from pfSense to VyOS and vice versa. VyOS IP: 192.168.2.1/24, pfSense IP: 192.168.2.33/24

    Config VYOS

    vpn {
    ipsec {
        esp-group ESP-1W {
            compression disable
            lifetime 1800
            mode tunnel
            pfs enable
            proposal 1 {
                encryption aes256
                hash sha1
            }
            proposal 2 {
                encryption 3des
                hash md5
            }
        }
        ike-group IKE-1W {
            ikev2-reauth no
            key-exchange ikev1
            lifetime 3600
            proposal 1 {
                encryption aes256
                hash sha1
            }
            proposal 2 {
                encryption aes128
                hash sha1
            }
        }
        ipsec-interfaces {
            interface eth1
        }
        site-to-site {
            peer 192.168.2.33 {
                authentication {
                    mode pre-shared-secret
                    pre-shared-secret test_key_1
                }
                connection-type initiate
                default-esp-group ESP-1W
                ike-group IKE-1W
                ikev2-reauth inherit
                local-address 192.168.2.1
                tunnel 1 {
                    allow-nat-networks disable
                    allow-public-networks disable
                    local {
                        prefix 192.168.40.0/24
                    }
                    remote {
                        prefix 192.168.60.0/24
                    }
                }
            }
        }
    }
    }
    

    Config pfSense




  • In the phase 2 configuration on pfSense, try specifying the network explicitly instead of choosing "LAN subnet", so that it matches the remote prefix (192.168.60.0/24) configured in the VyOS tunnel.



  • You are not showing the phase 2 configuration you are using on pfSense, and that is where it is failing.

