IPSec Road Warrior with NAT-T Question
-
I am sorry for this question but: ???
What data did you enter in the "Server Identifier: IP Address" field.
I have tried:
- I have used the data under “Client Configuration” > “General Tab:” > “Host: <pfSense box WAN IP>”
  In my case it was 24.X.X.X
- I have used the data under “Client Configuration” > “General Tab:” > “Address: (pick some other random range you are not using, like 192.168.111.xx)”
  In my case it was 172.21.30.253
- I have used the data under “Client Configuration” > “Policy:” > “Address: (Network behind pfSense you want to access, e.g. 192.168.1.0)”
  In my case it was 172.21.30.0
- The IP on the computer that I have the client IPSec software on.
  In my case it was 192.168.168.103
- The Public IP of the Linksys WRT54G that my computer with the client IPSec sits behind.
  In my case it was 68.X.X.X
But none of these seems to work.
-
I am sorry for this question but: ???
What data did you enter in the "Server Identifier: IP Address" field.
On the Shrew Soft client?
Remote Identity:
Type: IP Address
Use Discovered remote host address
Or which setting on what software are you referring to, exactly?
Usually the server identifier is left blank on pfSense unless you know better.
-
I am following this.
http://doc.pfsense.org/index.php/IPSec_Road_Warrior/Mobile_Client_How-To
On the PFSense config side.
SNIP**************
Fill in the settings as follows:
Phase 1 Proposal (authentication):
Negotiation Mode : Aggressive
Server Identifier : IP Address
Encryption Algorithm : 3DES
Hash Algorithm : SHA1
DH Key Group : 2
Lifetime : 86400
Authentication Method : Pre-Shared Key
SNIP************
-
I believe that should really be set to "My IP Address" in the drop-down box.
I updated the howto.
-
Thank you for your response.
I have two other questions but it depends on the answer to this one.
In this part of the tutorial, under “Client Configuration” > “General Tab:” > “Address: (pick some other random range you are not using, like 192.168.111.xx)”
- Is the “range” that you are referring to an unused IP that is not being used on the LAN side of your pfSense firewall?
- Or is it a new subnet that is not in the LAN subnet, like 10.10.10.2, if you have a setup like below?
Example
192.168.1.1 LAN < pfSense > WAN 69.59.43.3
-
It is a new subnet that does not exist on any other interface to which pfSense can directly connect.
-
Thank you once again.
And rebooting my client PC everything started to work.
The following is just for informational use only:
I made up a new IPSec VPN pool, IP subnet 10.10.10.0/24, that was not on any interface on my pfSense firewall.
In the tutorial under the “Client Configuration” > “General Tab:” > “Address:” and “Netmask:”
I added this on my Shrew Soft client:
Address: 10.10.10.2
Netmask: 255.255.255.0
On the pfSense firewall I added a new rule.
Action: Pass
Interface: IPSEC
Protocol: Any
Source:
Type: Network
Address: 10.10.10.0/24
Destination: LAN subnet
Now I am able to see the whole network.
This is my first IPSec VPN. That is why I am being so detailed about everything.
Thanks for all your help.
-
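An added example, not part of the thread or of pfSense: a Python check of the rule given above, that the mobile client's virtual Address/Netmask must form a new subnet that exists on no interface pfSense connects to directly. The function name and the /24 mask on the LAN network are assumptions; the addresses are the ones quoted in the thread.

```python
import ipaddress


def check_virtual_address(address, netmask, pfsense_subnets):
    """Return a list of problems with a mobile client's virtual Address/Netmask.

    pfsense_subnets maps an interface name to the CIDR of every network
    pfSense is directly connected to (hypothetical input format).
    """
    problems = []
    iface = ipaddress.ip_interface(f"{address}/{netmask}")
    pool = iface.network

    # The virtual address must be a usable host, not the network or
    # broadcast address of the pool it implies.
    if pool.prefixlen < 31 and iface.ip in (pool.network_address,
                                            pool.broadcast_address):
        problems.append(f"{iface.ip} is the network or broadcast address of {pool}")

    # The pool must be a new subnet: it may not overlap any network that
    # pfSense already reaches directly.
    for name, cidr in pfsense_subnets.items():
        net = ipaddress.ip_network(cidr, strict=False)
        if pool.overlaps(net):
            problems.append(f"pool {pool} overlaps {name} ({net})")
    return problems


# Constructed sample: the LAN network from the thread, /24 mask assumed.
PFSENSE_SUBNETS = {"LAN": "172.21.30.0/24"}

if __name__ == "__main__":
    # First attempt from the thread (inside the LAN), then the working value.
    for addr in ("172.21.30.253", "10.10.10.2"):
        issues = check_virtual_address(addr, "255.255.255.0", PFSENSE_SUBNETS)
        print(addr, "->", issues or "ok")
```
-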
well, i arrived on this post after so much discussion but if i well understood :
since pfSense 1.2.3, it's (finally) possible to use ipsec vpn clients (shrew-like) to connect to pfsense from anywhere (anywhere = any network with nat….does it mean all ;D ?) ?
a little feedback from experienced users :
why do you prefer ipsec to openvpn for mobile clients ? (well, i don't want to open a debate ;D)
Sincerely,
-
why do you prefer ipsec to openvpn for mobile clients ? (well, i don't want to open a debate ;D)
You may want to start a new thread for that question, it won't be seen by as many people when it is buried deep in a thread like this.
-
You may want to start a new thread for that question, it won't be seen by as many people when it is buried deep in a thread like this.
u're right ;D
thanks for the advice ;)