Navigation

    Netgate Discussion Forum
    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search

    Multiple machines VPN to same endpoint with VPN Client through pf

    IPsec
    2
    3
    3215
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • M
      me2352 last edited by

      Sorry if this has been asked before, but I did not see a definite answer about IPsec.

      So here is my situation: I have 2 machines at home I would like to have VPNed into work at the same time. I could create a static tunnel, but I need to authenticate with domain login/pass through the Cisco VPN client, and I do not see this as possible in the IPsec tunnel setup. Changing the config at work is not an option.

      The underlying issue is this: I try to connect both machines with the vpn client and only one will connect at at time, regardless of what I do. I have tried this same procedure on a cheapie linksys and it works fine.

      Does pfsense support multiple IPsec connections to the same endpoint at the same time? It works to two different endpoints (i have tried and confirmed this) but will not allow me to connect two machines from behind pfsense to the same endpoint.

      Any thoughts? or do i need to plug my linksys back in? I am using 1.0.

      1 Reply Last reply Reply Quote 0
      • P
        psychomoise last edited by

        Hi, I have quite the same problem.
        I have two wan connections connected to one pfsense (1.0-RC3), and another pfsense (1.0.1) behind the first.
        My computers are behind the second pfsense.

        When I try to connect to my vpn through the two firewalls, I get this states :
        pfsense (1.0.1):
        udp  A.A.A.A:500 -> C.C.C.C:500 -> E.E.E.E:500  MULTIPLE:MULTIPLE
        udp E.E.E.E:500 <- A.A.A.A:500 MULTIPLE:MULTIPLE

        pfsense (1.0-RC3):
        udp  C.C.C.C:500 -> D.D.D.D:50232 -> E.E.E.E:500  MULTIPLE:MULTIPLE
        udp E.E.E.E:500 <- C.C.C.C:500 MULTIPLE:MULTIPLE

        A.A.A.A = ip address of my computer
        B.B.B.B = ip address of pfsense (1.0.1) lan nic
        C.C.C.C = ip address of pfsense (1.0.1) wan nic
        D.D.D.D = ip address of pfsense (1.0-RC3) opt1 nic
        E.E.E.E = ip address of the VPN server

        I cannot connect two computers to the vpn.
        I think it is because the second pfsense (1.0.1) do not rewrite the isakmp port number.
        So I have this in the end
        Client port :500
        pfsense (1.0.1) port : 500
        pfsense (1.0-RC3) port : random

        Does anyone have an idea how to fix it ?

        1 Reply Last reply Reply Quote 0
        • P
          psychomoise last edited by

          I found a solution to my problem, I do not think it is a good solution but it works good for the moment.

          on the pfsense (1.0.1) I just activated the "Enable advanced outbound NAT".

          1 Reply Last reply Reply Quote 0
          • First post
            Last post

          Products

          • Platform Overview
          • TNSR
          • pfSense
          • Appliances

          Services

          • Training
          • Professional Services

          Support

          • Subscription Plans
          • Contact Support
          • Product Lifecycle
          • Documentation

          News

          • Media Coverage
          • Press
          • Events

          Resources

          • Blog
          • FAQ
          • Find a Partner
          • Resource Library
          • Security Information

          Company

          • About Us
          • Careers
          • Partners
          • Contact Us
          • Legal
          Our Mission

          We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

          Subscribe to our Newsletter

          Product information, software announcements, and special offers. See our newsletter archive to sign up for future newsletters and to read past announcements.

          © 2021 Rubicon Communications, LLC | Privacy Policy