4. IPSec Site to Site VPN behind NAT

IPSec Site to Site VPN behind NAT

  • F

    Hi,

    I recently upgraded from 2.1 to 2.4 (because of Hyper-V issues in the other releases), and found that two of the site to site VPNs didn't connect.

    I had to use "My IP Address" as identifiers on the pfSense boxes behind NAT, while on the main site (no NAT) i used "IP address" for the peer identifier, and manually typed the IP address of the WAN adapter of the boxes behind NAT. Then they connected again.

    I suppose i could have used "distinguished name", but one of the remote sites had a cisco router which wouldn't be able to use "distinguished name". And that site had dynamic ip, also.

    By the way, a description of what every option means would be nice. At first i thinked that "distinguished name" was a DNS name, but it just seems to send the string as ID to the peer.

    An option for a DNS name would be great, as then you can use that if using Dynamic DNS.

    Also, the option "Any" i supposed that would just accept any ID from the peer (and that would be great with NAT), but didn't seemed to work that way.

    One last thing: the IPSec VPN log seemed very confusing. Racoon used to indicate the tunnel name in every line, but now i only see a mix of lines from every tunnel, with no indication of it's name, and this makes it very hard to tell which tunnel corresponds to which line.

    Regards.

    0
Log in to reply
 

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© 2020 Rubicon Communications, LLC | Privacy Policy