Ipsec VPN configuration for PFsense behind the adsl modem



  • Dear All,

    Anyone please help me to solve this problem.

    I have an ADSL modem with static IP 88.xx.xx.xxx
    Modem internal IP: 192.168.1.254

    pfSense WAN IP 192.168.1.200/24
    pfSense LAN IP 10.0.0.0/24

    How do I configure IPsec or OpenVPN to the other site?

    From outside the network, when I try to access the static address 88.xx.xxx.xx the page is redirected to the pfSense firewall. I don't know how to configure IPsec and OpenVPN in that.

    Thanks

    Kiruba


  • Netgate Administrator

    If you need to connect from outside to pfSense as a server you will need to add port forwards to the DSL router or use some sort of DMZ/1:1 mode. Better would be to put it into bridge mode so the public IP is on the pfSense WAN directly.

    If it's site to site, though, you don't need to configure anything: as long as you can always initiate from this end, it will open the tunnel through the DSL router's NAT.

    @kiruba said in Ipsec VPN configuration for PFsense behind the adsl modem:

    Outside the network when i try to access the static address 88.xx.xxx.xx the page redirected to pfsense firewall.

    That's not good. It implies you have the pfSense gui open to the internet.

    On the other hand, the DSL router must be passing that traffic, so you probably have it in some sort of DMZ mode already.

    Steve



  • Dear Stephew,

    Thanks a lot, man. Now it's working fine and we configured the OPEN server client.

    But when I tried to configure the IPsec site to site, it's not working.

    Head office:
    Public: 88.xxxxx
    Internal Address / Remote LAN address: 192.168.9.10

    Current site has:

    Public: 88.XXX
    Internal Address / Remote LAN address: 10.0.0.0/24

    I don't know why it's not connecting.

    Thanks

    kiruba


  • Netgate Administrator

    Hard to say without logs of the failure, but the most likely error there is that the end behind NAT is using the "My IP" as its local identifier but the other side expects to see the external public IP there, so it fails.
    If so, change the Identifier to IP and set it to the public IP. Or change both ends to use non-IP identifiers.

    Steve
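
The thread never shows the failure logs, so the following is an added example (not from any poster and not pfSense code) of checking responder-side logs for the identifier mismatch described in the last reply. It assumes log lines in the style of strongSwan's charon daemon, which pfSense uses for IPsec; the sample lines and the public addresses (documentation ranges) are constructed, and `find_nat_id_mismatches` is a hypothetical helper name.

```python
import ipaddress
import re

# Constructed sample in the style of strongSwan charon responder logs.
# 192.168.1.200 is the pfSense WAN address from the thread; the public
# addresses are documentation ranges, not real hosts.
SAMPLE_LOG = """\
charon: 11[CFG] looking for peer configs matching 203.0.113.10[203.0.113.10]...198.51.100.20[192.168.1.200]
charon: 11[CFG] no matching peer config found
charon: 12[CFG] looking for peer configs matching 203.0.113.10[203.0.113.10]...198.51.100.20[198.51.100.20]
charon: 12[CFG] selected peer config 'con1'
"""

RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
LOOKUP = re.compile(
    r"(\d+)\[CFG\] looking for peer configs matching "
    r"(\S+?)\[(.*?)\]\.\.\.(\S+?)\[(.*?)\]"
)
NO_MATCH = re.compile(r"(\d+)\[CFG\] no matching peer config found")


def find_nat_id_mismatches(log_text):
    """Return failed lookups where the peer presented a private-IP IKE ID
    that differs from the source address its packets arrived from."""
    pending = {}   # charon thread number -> (peer source IP, peer ID)
    findings = []
    for line in log_text.splitlines():
        m = LOOKUP.search(line)
        if m:
            pending[m.group(1)] = (m.group(4), m.group(5))
            continue
        m = NO_MATCH.search(line)
        if m and m.group(1) in pending:
            peer_ip, peer_id = pending.pop(m.group(1))
            try:
                id_addr = ipaddress.ip_address(peer_id)
            except ValueError:
                continue  # FQDN or key-ID identifier: a different failure
            if peer_id != peer_ip and any(id_addr in n for n in RFC1918):
                findings.append({"source_ip": peer_ip, "presented_id": peer_id})
    return findings


if __name__ == "__main__":
    for f in find_nat_id_mismatches(SAMPLE_LOG):
        print(f"peer {f['source_ip']} identified itself as {f['presented_id']}: "
              "set its identifier to the public IP or use non-IP identifiers")
```

A finding means the remote end rejected the proposal because the NATed side announced its private WAN address as its identity, which is the case the reply above says to fix by changing the identifier.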