Netgate Discussion Forum

    Multiple machines VPN to same endpoint with VPN Client through pf

      me2352

      Sorry if this has been asked before, but I did not see a definite answer about IPsec.

      So here is my situation: I have 2 machines at home I would like to have VPNed into work at the same time. I could create a static tunnel, but I need to authenticate with domain login/pass through the Cisco VPN client, and I do not see this as possible in the IPsec tunnel setup. Changing the config at work is not an option.

      The underlying issue is this: I try to connect both machines with the VPN client and only one will connect at a time, regardless of what I do. I have tried this same procedure on a cheapie Linksys and it works fine.

      Does pfSense support multiple IPsec connections to the same endpoint at the same time? It works to two different endpoints (I have tried and confirmed this) but will not allow me to connect two machines from behind pfSense to the same endpoint.

      Any thoughts? Or do I need to plug my Linksys back in? I am using 1.0.

        psychomoise

        Hi, I have quite the same problem.
        I have two wan connections connected to one pfsense (1.0-RC3), and another pfsense (1.0.1) behind the first.
        My computers are behind the second pfsense.

        When I try to connect to my VPN through the two firewalls, I get these states:
        pfsense (1.0.1):
        udp  A.A.A.A:500 -> C.C.C.C:500 -> E.E.E.E:500  MULTIPLE:MULTIPLE
        udp E.E.E.E:500 <- A.A.A.A:500 MULTIPLE:MULTIPLE

        pfsense (1.0-RC3):
        udp  C.C.C.C:500 -> D.D.D.D:50232 -> E.E.E.E:500  MULTIPLE:MULTIPLE
        udp E.E.E.E:500 <- C.C.C.C:500 MULTIPLE:MULTIPLE

        A.A.A.A = ip address of my computer
        B.B.B.B = ip address of pfsense (1.0.1) lan nic
        C.C.C.C = ip address of pfsense (1.0.1) wan nic
        D.D.D.D = ip address of pfsense (1.0-RC3) opt1 nic
        E.E.E.E = ip address of the VPN server

        I cannot connect two computers to the VPN.
        I think it is because the second pfsense (1.0.1) does not rewrite the ISAKMP port number.
        So I have this in the end:
        Client port: 500
        pfsense (1.0.1) port: 500
        pfsense (1.0-RC3) port: random

        Does anyone have an idea how to fix it?

          psychomoise

          I found a solution to my problem. I do not think it is a good solution, but it works well for the moment.

          On the pfsense (1.0.1) I just activated "Enable advanced outbound NAT".
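
Added example (not part of the thread and not pf code): a toy Python model of a source-NAT state table, showing why two clients whose IKE packets keep source port 500 collide on one translated tuple toward the same VPN server, while a NAT that rewrites the source port keeps them apart. The addresses are constructed documentation-range values, the `Nat` class and `simulate` function are hypothetical names, and treating a tuple clash as a dropped packet is an assumption of the model.

```python
from itertools import count

SERVER = ("203.0.113.9", 500)                               # constructed VPN endpoint
CLIENTS = [("192.168.1.10", 500), ("192.168.1.11", 500)]    # constructed LAN hosts

class Nat:
    """Toy UDP source NAT with one external address (a model, not pf)."""

    def __init__(self, ext_ip, static_port, first_port=50000):
        self.ext_ip = ext_ip
        self.static_port = static_port      # True: keep the client's source port
        self._ports = count(first_port)     # pool used when the port is rewritten
        self.states = {}                    # (ext_ip, ext_port, dst_ip, dst_port) -> client

    def outbound(self, src, dst):
        """Return the external (ip, port) for this flow, or None on a clash."""
        for key, owner in self.states.items():
            if owner == src and key[2:] == dst:
                return key[:2]              # flow already has a state
        ext_port = src[1] if self.static_port else next(self._ports)
        key = (self.ext_ip, ext_port) + dst
        if key in self.states:
            return None                     # tuple owned by another client: packet dropped
        self.states[key] = src
        return key[:2]

    def inbound(self, src, dst):
        """Return the client that owns the state matching a reply, or None."""
        return self.states.get(dst + src)

def simulate(static_port):
    """Map each client IP to True if its IKE exchange can round-trip."""
    nat = Nat("198.51.100.2", static_port)
    result = {}
    for client in CLIENTS:
        ext = nat.outbound(client, SERVER)
        result[client[0]] = ext is not None and nat.inbound(SERVER, ext) == client
    return result

if __name__ == "__main__":
    print("source port kept     :", simulate(static_port=True))
    print("source port rewritten:", simulate(static_port=False))
```

In the states posted above, the inner firewall corresponds to the port-kept case (C.C.C.C:500) and the outer one to the rewritten case (D.D.D.D:50232).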
