[ipsec] unable to configure a working ipsec vpn tunnel
OK, I have tried multiple times to set up a VPN between 2 pfSense 1.2.3 (also tried 2.0 beta, same result) PCs.
I have found different tutorials but none of them seems to work. I'm pretty sure I am the one that is making a mistake but I can't find the problem. I first started working with pfSense 1 year ago. Since then I have tried 3 different times to configure a VPN. Failed, then I put the pfSense away; after a few months I tried again. Every time I did fail :-[
OK, let's start:

pfsense.local
LAN 172.16.1.1
WAN 192.168.1.74

kobenl.local
LAN 172.16.12.1
WAN 192.168.1.75

disabled: Block private networks and Block bogon networks
I have made an IPsec firewall rule on both PCs:
ANY ANY ANY ANY
This is just a test setup and I failed many times, so I'm happy if at least some data will go through. Security is not my main concern at the moment.
Source          Destination     Direction  Protocol  Tunnel endpoints
172.16.12.0/24  172.16.1.0/24   >          ESP       192.168.1.76 - 192.168.1.74
172.16.1.0/24   172.16.12.0/24  <          ESP       192.168.1.74 - 192.168.1.76
Mar 15 13:55:57 racoon: INFO: @(#)ipsec-tools 0.7.2 (http://ipsec-tools.sourceforge.net)
Mar 15 13:55:57 racoon: INFO: @(#)This product linked OpenSSL 0.9.8e 23 Feb 2007 (http://www.openssl.org/)
Mar 15 13:55:57 racoon: INFO: Reading configuration from "/var/etc/racoon.conf"
Mar 15 13:55:57 racoon: [Self]: INFO: 127.0.0.1[500] used as isakmp port (fd=14)
Mar 15 13:55:57 racoon: [Self]: INFO: 172.16.1.5[500] used as isakmp port (fd=15)
Mar 15 13:55:57 racoon: [Self]: INFO: 192.168.1.74[500] used as isakmp port (fd=16)
Mar 15 13:55:57 racoon: INFO: unsupported PF_KEY message REGISTER
Mar 15 13:55:57 racoon: [Self]: INFO: 127.0.0.1[500] used as isakmp port (fd=14)
Mar 15 13:55:57 racoon: [Self]: INFO: 172.16.1.5[500] used as isakmp port (fd=15)
Mar 15 13:55:57 racoon: [Self]: INFO: 192.168.1.74[500] used as isakmp port (fd=16)
I have attached my IPsec configs to this topic.
If I can supply you with more information, please say so.

Router____ pfsens(172.16.12.1) ___ client(172.16.12.10)
      \___ pfsense(172.16.1.1) ___ client(172.16.1.10)

When I have figured out what the problem is, I want to make the network more advanced: 3 IPsec tunnels to 3 different locations (UK, Netherlands, Germany, Belgium), replacing Cisco PIX firewalls.
SOLUTION:
This has to be the dumbest thing I have ever seen. I have tried multiple times and never tried to ping the other site :X A ping to 172.16.12.1 brings up the tunnel and makes me feel stupid :-
Maybe you can take this post as an example for the rest of us :P haha
ipsec-config-kobenl.local-20100315133413.txt
ipsec-config-pfsense.local-20100315133110.txt