Multiple machines VPN to same endpoint with VPN Client through pf



  • Sorry if this has been asked before, but I did not see a definite answer about IPsec.

    So here is my situation: I have 2 machines at home I would like to have VPNed into work at the same time. I could create a static tunnel, but I need to authenticate with domain login/pass through the Cisco VPN client, and I do not see this as possible in the IPsec tunnel setup. Changing the config at work is not an option.

    The underlying issue is this: I try to connect both machines with the VPN client and only one will connect at a time, regardless of what I do. I have tried this same procedure on a cheapie Linksys and it works fine.

    Does pfsense support multiple IPsec connections to the same endpoint at the same time? It works to two different endpoints (I have tried and confirmed this) but will not allow me to connect two machines from behind pfsense to the same endpoint.

    Any thoughts? Or do I need to plug my Linksys back in? I am using 1.0.



  • Hi, I have quite the same problem.
    I have two wan connections connected to one pfsense (1.0-RC3), and another pfsense (1.0.1) behind the first.
    My computers are behind the second pfsense.

    When I try to connect to my VPN through the two firewalls, I get these states:
    pfsense (1.0.1):
    udp  A.A.A.A:500 -> C.C.C.C:500 -> E.E.E.E:500  MULTIPLE:MULTIPLE
    udp E.E.E.E:500 <- A.A.A.A:500 MULTIPLE:MULTIPLE

    pfsense (1.0-RC3):
    udp  C.C.C.C:500 -> D.D.D.D:50232 -> E.E.E.E:500  MULTIPLE:MULTIPLE
    udp E.E.E.E:500 <- C.C.C.C:500 MULTIPLE:MULTIPLE

    A.A.A.A = IP address of my computer
    B.B.B.B = IP address of pfsense (1.0.1) LAN NIC
    C.C.C.C = IP address of pfsense (1.0.1) WAN NIC
    D.D.D.D = IP address of pfsense (1.0-RC3) OPT1 NIC
    E.E.E.E = IP address of the VPN server

    I cannot connect two computers to the VPN.
    I think it is because the second pfsense (1.0.1) does not rewrite the ISAKMP port number.
    So I have this in the end:
    Client port: 500
    pfsense (1.0.1) port: 500
    pfsense (1.0-RC3) port: random

    Does anyone have an idea how to fix it?



  • I found a solution to my problem. I do not think it is a good solution, but it works well for the moment.

    On the pfsense (1.0.1), I just activated the "Enable advanced outbound NAT".
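The symptom described in the thread (two inside hosts both leaving the inner firewall as the same translated source port 500 towards the same IKE responder) can be spotted directly in the pf state table. The following is an added diagnostic, not code from the thread or from pfSense: it parses outbound states in the three-column format quoted above and reports every translated source/destination pair shared by more than one inside host. The state lines and the RFC 5737 documentation addresses are constructed for the example.

```python
import re
from collections import defaultdict

# Constructed pf state lines in the same layout as the ones posted in the
# thread (src -> translated -> dst STATE). Two clients are NATed to the same
# outside port 500; a third has been given a random source port.
STATES = """
udp 192.0.2.10:500 -> 203.0.113.1:500 -> 198.51.100.5:500  MULTIPLE:MULTIPLE
udp 192.0.2.11:500 -> 203.0.113.1:500 -> 198.51.100.5:500  MULTIPLE:MULTIPLE
udp 192.0.2.12:500 -> 203.0.113.1:50232 -> 198.51.100.5:500  MULTIPLE:MULTIPLE
"""

STATE_RE = re.compile(
    r"^(?P<proto>\w+)\s+(?P<src>\S+)\s+->\s+(?P<nat>\S+)\s+->\s+(?P<dst>\S+)\s+(?P<state>\S+)$"
)


def parse_states(text):
    """Parse outbound pf states that show the translated address (src -> nat -> dst)."""
    rows = []
    for line in text.strip().splitlines():
        match = STATE_RE.match(line.strip())
        if match:
            rows.append(match.groupdict())
    return rows


def find_port_collisions(rows, port=500):
    """Return {(translated_src, dst): [inside hosts]} for every translated
    source port to an IKE responder (UDP dst port 500 by default) that is
    shared by more than one inside host. Each responder can only keep one
    ISAKMP session per source address:port, so a shared mapping means only
    one of those clients can stay connected at a time."""
    by_mapping = defaultdict(set)
    for row in rows:
        if row["proto"] == "udp" and row["dst"].endswith(f":{port}"):
            by_mapping[(row["nat"], row["dst"])].add(row["src"])
    return {k: sorted(v) for k, v in by_mapping.items() if len(v) > 1}


if __name__ == "__main__":
    for (nat, dst), hosts in find_port_collisions(parse_states(STATES)).items():
        print(f"collision: {nat} -> {dst} shared by {', '.join(hosts)}")
```

With the outer firewall (or a NAT rule that does not preserve the source port) rewriting each client to a distinct port, the same check returns no collisions.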

