IPSec Site to Site VPN behind NAT



  • Hi,

    I recently upgraded from 2.1 to 2.4 (because of Hyper-V issues in the other releases), and found that two of the site to site VPNs didn't connect.

    I had to use "My IP Address" as the identifier on the pfSense boxes behind NAT, while on the main site (no NAT) I used "IP address" for the peer identifier and manually typed the IP address of the WAN adapter of the boxes behind NAT. Then they connected again.

    I suppose I could have used "Distinguished name", but one of the remote sites had a Cisco router which wouldn't be able to use "Distinguished name". And that site had a dynamic IP, also.

    By the way, a description of what every option means would be nice. At first I thought that "Distinguished name" was a DNS name, but it just seems to send the string as the ID to the peer.

    An option for a DNS name would be great, as then you could use that when using Dynamic DNS.

    Also, the option "Any": I supposed that it would just accept any ID from the peer (which would be great with NAT), but it didn't seem to work that way.

    One last thing: the IPsec VPN log seems very confusing. racoon used to indicate the tunnel name on every line, but now I only see a mix of lines from every tunnel, with no indication of its name, and this makes it very hard to tell which tunnel corresponds to which line.

    Regards.
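
The identifier arrangement described in the post above, written out as an added strongSwan ipsec.conf example. This is not the original poster's configuration and not the config pfSense generates; the addresses, subnets, connection names and the PSK are made up, and the mapping of the GUI choices "My IP Address" and "IP address" onto leftid/rightid is an assumption about how pfSense fills these fields. The point it shows is that a box behind NAT sends its private WAN address as its IKE identity, so the main site must expect that private address as the peer ID rather than the public address the packets actually arrive from.

```conf
# Added example (not from the original post or from pfSense): two sides of one
# site-to-site tunnel. Remote site sits behind a NAT gateway, main site has a
# public address. All addresses, subnets and the PSK are made up.

# --- Remote site: pfSense with a private WAN address behind NAT ---
# "My IP Address" (assumed to map to leftid=<WAN address>) sends the private
# address 192.168.100.2 as the IKE identity, not the NAT gateway's public
# address 203.0.113.10 that the main site sees as the packet source.
conn remote-to-main
    keyexchange=ikev2
    left=192.168.100.2
    leftid=192.168.100.2        # private WAN address, sent as the ID
    leftsubnet=10.20.0.0/24
    right=198.51.100.1          # main site public address
    rightid=198.51.100.1
    rightsubnet=10.10.0.0/24
    authby=secret
    auto=start                  # NAT side initiates; NAT-T (UDP 4500) is negotiated automatically

# --- Main site: public address, no NAT ---
# The peer's packets come from 203.0.113.10, but its identity is the private
# address it typed in as "My IP Address", so "IP address" peer identifier on
# this side (assumed to map to rightid) must carry that private address.
conn main-to-remote
    keyexchange=ikev2
    left=198.51.100.1
    leftid=198.51.100.1
    leftsubnet=10.10.0.0/24
    right=%any                  # accept the connection from whatever public address the NAT gateway uses
    rightid=192.168.100.2       # the remote box's private WAN address, typed by hand
    rightsubnet=10.20.0.0/24
    authby=secret
    auto=add                    # main site only responds

# ipsec.secrets on both sides, keyed by the same two identities (made-up PSK):
# 198.51.100.1 192.168.100.2 : PSK "example-psk-change-me"
```

The check a practitioner wants when a tunnel like this fails to come up: compare the ID the responder logs as received against its configured rightid. If the main site's rightid is set to the NAT gateway's public address (203.0.113.10 here), the received ID 192.168.100.2 will not match and authentication fails even though the PSK is correct.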

