Netgate Discussion Forum
IPSec Site to Site VPN behind NAT (IPsec category)

Posted by fsr:

Hi,

I recently upgraded from 2.1 to 2.4 (because of Hyper-V issues in the other releases), and found that two of the site-to-site VPNs didn't connect.

I had to use "My IP Address" as the identifier on the pfSense boxes behind NAT, while on the main site (no NAT) I used "IP address" for the peer identifier and manually typed the IP address of the WAN adapter of the boxes behind NAT. Then they connected again.

I suppose I could have used "distinguished name", but one of the remote sites had a Cisco router which wouldn't be able to use "distinguished name". And that site had a dynamic IP, also.

By the way, a description of what every option means would be nice. At first I thought that "distinguished name" was a DNS name, but it just seems to send the string as the ID to the peer.

An option for a DNS name would be great, as then you can use that if using Dynamic DNS.

Also, I supposed that the option "Any" would just accept any ID from the peer (and that would be great with NAT), but it didn't seem to work that way.

One last thing: the IPsec VPN log seems very confusing. Racoon used to indicate the tunnel name in every line, but now I only see a mix of lines from every tunnel, with no indication of its name, and this makes it very hard to tell which tunnel corresponds to which line.

Regards.
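As an added illustration (not part of fsr's post, and not pfSense's generated configuration), here is how the identifier choices described above map onto strongSwan's ipsec.conf, strongSwan being the IKE daemon behind the pfSense 2.4 IPsec pages. All addresses, subnets, connection names and the PSK are constructed placeholders, and IKEv2 is assumed. The security-relevant point is that a NAT rewrites only the outer IP header: the IKE ID payload still carries whatever address the branch was told to send, so the hub has to be configured to expect that private WAN address as the peer ID, not the public address it sees packets arriving from.

```ini
# Hub side (public address, not behind NAT) -- /etc/ipsec.conf
# Constructed example; every address, name and secret is a placeholder.
conn hub-to-branch
    keyexchange=ikev2
    left=203.0.113.10            # hub WAN address, sent as its own ID ("My IP address")
    leftid=203.0.113.10
    leftsubnet=10.1.0.0/24
    right=%any                   # branch public address is dynamic, so accept any source
    rightid=192.168.1.2          # the branch's WAN address *behind* its NAT, i.e. the
                                 # "IP address" peer identifier typed in by hand. The NAT
                                 # rewrites the outer header, not the IKE ID payload.
    rightsubnet=10.2.0.0/24
    authby=secret
    auto=add                     # responder only; the branch initiates

# Branch side (behind NAT, dynamic public address) -- /etc/ipsec.conf
conn branch-to-hub
    keyexchange=ikev2
    left=192.168.1.2             # private WAN interface address behind the NAT
    leftid=192.168.1.2           # "My IP address": the WAN address goes out as the IKE ID
    leftsubnet=10.2.0.0/24
    right=203.0.113.10
    rightid=203.0.113.10
    rightsubnet=10.1.0.0/24
    authby=secret
    auto=start

# /etc/ipsec.secrets on both sides: the PSK is selected by the pair of IDs above,
# so a mismatch between leftid/rightid and these entries fails authentication.
# 203.0.113.10 192.168.1.2 : PSK "replace-with-a-long-random-secret"

# Alternative when a peer cannot use IP-type identifiers: a name string. In strongSwan
# a leading '@' marks an FQDN-type ID that is sent verbatim and never resolved via DNS,
# which matches the observation that "distinguished name" just sends the string.
#   leftid=@branch.example.com     (on the branch)
#   rightid=@branch.example.com    (on the hub)
```

With `rightid` pinned to a specific value the hub rejects any initiator presenting a different ID even if it knows the PSK, which is why the ID types on both ends have to agree exactly; loosening it to `rightid=%any` removes that check and should only be combined with an authentication method that identifies the peer some other way (for example certificates).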

      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.