VPN worked with m0n0wall, what do I do wrong with pfsense?



  • First of all, I don't know much about IPSEC and stuff,so bare with me. Here goes…

    I switched from an old m0n0wall version to pfsense 1.2.3-RC1 a few days ago and it has worked fine until today when both me and my wife tried to connect to or respective offices.

    She has the Cisco VPN Client and I have the Watchguard Mobile VPN client. Both worked with m0n0wall, but we get no connection at all with pfsense.

    I suppose I am missing something, this must be the most trivial case of VPN connection? Since the m0n0wall machine had no problem with it, and that version was at least three years old, shouldn't it be possible with pfsense?

    Do I need to set up any firewall rules? I have a few for port 500 and 4500 since that's what I had on m0n0wall - I think it's some keep-alive stuff (ISAKMP and IPSEC NAT-T according to the rule table in the pfsense GUI).

    The client computers get IP adresses through DHCP and have no NAT stuff going on. They are connected to a switch, which also connects to the pfsense machine, which in turn hooks up to my ADSL modem.

    I can't change much on the client side, that stuff has been configured by company sysadmins and is mostly read-only.

    What's this, btw?  http://doc.pfsense.org/index.php/FAQ_cisco_vpn_pass_thru_not_working_when_behind_pfSense

    Any help would be appreciated.
    I



  • It turns out the problem with the Cisco VPN client wasn't a problem, wifey didn't remember her passcode right…

    Anyway, the Watchguard Mobile VPN is still not working.

    I have setup a few rules in the firewall: allow all communication on ports 500 and 4500 from any to any, and allow ESP and AH protocols from any to any. All those four rules are under "WAN" tab in the Firewall rule table page in the webGUI - do I need anything under the "LAN" tab?


Log in to reply