Shrew Network Client
-
Make sure, on the pfSense side, that you add a PSK for the client on the "Pre-Shared Keys" tab. If you are typing a PSK into a tunnel, you're in the wrong place. There is no box for a PSK on the Mobile Tunnels tab where you set up the pfSense side in that howto.
When adding a key to the Pre-Shared Keys tab, just type an e-mail address in the "Identifier" box, then make up a PSK, then click Save.
Make sure both sides are set to Aggressive mode, especially the Shrew Soft client. The Shrew Soft client hides some identifier options (like the one you need, "Key identifier") unless you are in the proper mode (Aggressive/Main).
-
Hurray! ;D I finally got the connection to the fw1. I have an internal network of 192.168.14.0/24 and have the Shrew client set to 192.168.18.0/24.
I added a few rules, got 1 ping through, still connected but not receiving any packets.
Still plugging away at it. I really want to get this working for proof of concept, and also it's something else I can offer to my customers for remote access without them having to invest in expensive solutions. My next challenge is the OpenVPN client. Test everything I have at my disposal.
RC
-
I got the client working, I am able to connect to my internal network ;D. Now I have about 6 internal VPNs that I would like to connect to from remote. Has anyone done anything like that?
RC
-
I got the client working, I am able to connect to my internal network ;D. Now I have about 6 internal VPNs that I would like to connect to from remote. Has anyone done anything like that?
You may be able to make it work. I've had mixed luck with using parallel tunnels to accomplish that kind of scenario.
http://doc.pfsense.org/index.php/IPSec_with_Multiple_Subnets
I ended up going with OpenVPN for that particular task since, as it can be routed, it worked much more easily.
The multiple-subnet issue for IPsec has been taken care of pretty well in 2.0, but that is still alpha.
-
I am planning to post a link to my web server this weekend with a how-to on setting up pfSense mobile support. This will be with 1.2.3 RC1 with the new IPsec widget. I'll try to get that done this weekend and I'll post a link. I'm planning lots of screenshots and critical information that was a little shaky to understand the first time through. I think this will be helpful.
RC
-
What kind of rules are needed? I am able to connect but can't pass traffic through the tunnel.
-
kingtux,
I created a few rules, but here is what I have:

Protocol  Remote Subnet     Port  Destination Subnet  Port  Gw  Description
TCP/UDP   192.168.18.0/24   *     192.168.xx.0/24     *     *   RoadWarrior
ICMP      192.168.18.0/24   *     192.168.xx.0/24     *     *   RoadWarrior
-         192.168.18.0/24   *     192.168.xx.0/24     *     *   RoadWarrior

This is what I have created. It's overkill, I know, but it's working.
RC
-
Thanks, I will give that a try and report back. Thanks for taking the time to post!
-
The Shrew client is an IPsec client. Add your standard IPsec rules; here is what I added:

Proto     Source            Port  Destination       Port  Gw  Description
TCP/UDP   192.168.18.0/24   *     192.168.xx.0/24   *     *   RoadWarrior
ICMP      192.168.18.0/24   *     192.168.xx.0/24   *     *   RoadWarrior
-         192.168.18.0/24   *     192.168.xx.0/24   *     *   RoadWarrior

Make sure that your Source is different from the Destination.
RC
-
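As an added illustration (not from this thread or from pfSense's own documentation), here is RC's IPsec-tab rule set written out as pf rules, which makes the direction and interface explicit in a way the GUI table does not. It assumes that pfSense 1.2.x filters decrypted IPsec traffic on the enc0 interface, that the Shrew client network is 192.168.18.0/24, and that the LAN is the 192.168.14.0/24 RC mentioned earlier; the "xx" in the thread's table is a placeholder, so 192.168.14.0/24 is substituted here as an assumption.

```pf
# Added example: RC's IPsec-tab rules expressed as pf rules.
# Assumptions: pfSense 1.2.x applies the IPsec tab to enc0,
# the road-warrior (Shrew) network is 192.168.18.0/24 and the LAN is 192.168.14.0/24.

# Allow TCP and UDP from the road-warrior network into the LAN (row 1)
pass in quick on enc0 inet proto { tcp, udp } from 192.168.18.0/24 to 192.168.14.0/24 keep state label "RoadWarrior"

# Allow ICMP so the tunnel can be tested with ping (row 2)
pass in quick on enc0 inet proto icmp from 192.168.18.0/24 to 192.168.14.0/24 keep state label "RoadWarrior"

# Catch-all for any other protocol (row 3); makes rows 1 and 2 redundant, hence "overkill"
pass in quick on enc0 inet from 192.168.18.0/24 to 192.168.14.0/24 keep state label "RoadWarrior"
```

The point of RC's last remark is visible here: the source (the client network) and the destination (the LAN) must be two distinct, non-overlapping subnets. If the client were handed an address inside 192.168.14.0/24, the phase 2 selector and the LAN would overlap, and replies from LAN hosts would be delivered locally instead of back through the tunnel, which matches the "connected but no packets" symptom earlier in the thread.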
Thanks that worked!