VPN between PfSense and Mikrotik IPsec no Phase2



  • Hi everyone, I'm a student working on a project to connect sites and studying which option is best and cheapest. I selected a site-to-site VPN between pfSense and Mikrotik using the IPsec protocol. For now, in the lab, I am trying to connect over the LAN, and when that works I will connect 2 different sites, but first I need to get it to connect.

    I don't know what my mistake is. The pfSense version is 2.4.4-RELEASE and the Mikrotik is a 750 rb with version 6.40.4.

    My scenario is:
    [image: diagram]

    Then the configuration of pfSense is:

    [8 screenshots]

    And the pfSense log:

    [image: log]

    Now the configuration on the Mikrotik is:

    NAT
    [9 screenshots]

    I don't know where the mistake is :(

    Thanks in advance



  • @k15
    Hey
    In the Mikrotik settings, change the hash algorithm from sha1 to sha256, or in the pfSense settings change sha256 to sha1 (phase 2 setting).
    Here is the mistake:
    [2 screenshots]
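
A simplified model of the Phase 2 proposal comparison behind this fix, added here as an example and not part of the original posts. The encryption and PFS values are constructed placeholders (the thread only states the sha1/sha256 hash mismatch), and `Phase2Proposal`, `first_common` and `negotiate` are hypothetical names.

```python
# Added illustration: both peers must share an encryption algorithm, a hash
# (integrity) algorithm and the same PFS group, or Phase 2 is never established.
from dataclasses import dataclass


@dataclass(frozen=True)
class Phase2Proposal:
    encryption: tuple  # algorithms in order of preference
    hashes: tuple      # integrity algorithms in order of preference
    pfs_group: str     # PFS key group, or "none"


def first_common(preferred, offered):
    """First algorithm in our preference order that the peer also offers."""
    return next((alg for alg in preferred if alg in offered), None)


def negotiate(local, remote):
    """Return (agreed, problems); agreed is None when no transform set matches."""
    problems = []
    enc = first_common(local.encryption, remote.encryption)
    auth = first_common(local.hashes, remote.hashes)
    if enc is None:
        problems.append(f"encryption: local {list(local.encryption)} vs remote {list(remote.encryption)}")
    if auth is None:
        problems.append(f"hash: local {list(local.hashes)} vs remote {list(remote.hashes)}")
    if local.pfs_group != remote.pfs_group:
        problems.append(f"pfs: local {local.pfs_group} vs remote {remote.pfs_group}")
    if problems:
        return None, problems
    return {"encryption": enc, "hash": auth, "pfs_group": local.pfs_group}, []


# Constructed sample values; only the hash mismatch comes from the thread.
PFSENSE = Phase2Proposal(("aes-256-cbc",), ("sha256",), "modp1024")
MIKROTIK = Phase2Proposal(("aes-256-cbc", "aes-128-cbc"), ("sha1",), "modp1024")
# The change described in the thread: pfSense Phase 2 hash set to sha1.
PFSENSE_FIXED = Phase2Proposal(("aes-256-cbc",), ("sha1",), "modp1024")

if __name__ == "__main__":
    for label, side in (("before", PFSENSE), ("after", PFSENSE_FIXED)):
        agreed, problems = negotiate(side, MIKROTIK)
        print(label, agreed if agreed else problems)
```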



  • Hi!! Thanks so much!! Now the tunnel is established. I changed it in pfSense like you said and it's done.

    [2 screenshots]

    But now I can't ping host 192.168.2.1 (the LAN gateway) from the host with IP 192.168.3.2. Why? Maybe I need to open a port in firewall/rules?

    Thanks so much :)



  • @k15 TCP and ICMP are different protocols ))
    In the IPsec rule, change the protocol from TCP to any.
    [screenshot]



  • @konstanti said in VPN between PfSense and Mikrotik IPsec no Phase2:

    Done!! Now I can ping. I will create a folder to test sharing, but if ping works, everything works.

    Thanks :)



  • @k15 Don't mention it
    Good luck