Nano IPSec different from Full Install?
I've got an Alix system from Netgate running 1.2.3 and a full install on a dual core atom setup and cannot get an IPSec tunnel working on the Alix. I have tried between the units themselves, to 3rd party devices I know work with PFSense IPSec tunnels, and the Alix will NOT write the SA's for the tunnel and nothing is brought up. The full install works every time I configure the tunnel, the Nano install does not. I have swapped devices on the same internet connection and can replicate this.
Can anyone confirm this?
I have many ALIX boxes in the field running 1.2.3 with NanoBSD and IPsec has worked great for me. There shouldn't be any difference between Nano and Full for IPsec. The config is writted to /var/etc which should be a memory disk on NanoBSD.
Did your ALIX come pre-installed from Netgate? Or did you image the CF yourself? Have you tried to rewrite the CF with the official 1.2.3 NanoBSD image for your CF size?
The ALIX came with 1.2.3 preinstalled from Netgate, I have not reimaged it, but that's not a bad idea. I need to find a serial adapter and a USB->Serial adapter first.
I'm glad it works, I'm tearing my hair out here trying to get this working as our previous solution (Snapgear FW's) have been EOL'ed and we need a drop-in solution for clients.
you should be able to access your ALIX after re-flashing it by just browsing to 192.168.1.1. not a bad idea to have a serial adapter and cable available but it's not a must have.
Thanks for info, I might wipe this unit and start again. I'm having problems with our IP Phones staying registered as well, and want to test that out before re-addressing the IPSec issues. I won't get to either until next week when I'm at the office again.
I finally broke down and got the book out and read through the instructions. Turns out I forgot to put rules FROM each VPN tunnel segment, I had the rules TO the segments but missed one part.
Everything works great now. Wonderful book btw.