4. Multiple machines VPN to same endpoint with VPN Client through pf

Multiple machines VPN to same endpoint with VPN Client through pf

  • M

    Sorry if this has been asked before, but I did not see a definite answer about IPsec.

    So here is my situation: I have 2 machines at home I would like to have VPNed into work at the same time. I could create a static tunnel, but I need to authenticate with domain login/pass through the Cisco VPN client, and I do not see this as possible in the IPsec tunnel setup. Changing the config at work is not an option.

    The underlying issue is this: I try to connect both machines with the vpn client and only one will connect at at time, regardless of what I do. I have tried this same procedure on a cheapie linksys and it works fine.

    Does pfsense support multiple IPsec connections to the same endpoint at the same time? It works to two different endpoints (i have tried and confirmed this) but will not allow me to connect two machines from behind pfsense to the same endpoint.

    Any thoughts? or do i need to plug my linksys back in? I am using 1.0.

    0
  • P

    Hi, I have quite the same problem.
    I have two wan connections connected to one pfsense (1.0-RC3), and another pfsense (1.0.1) behind the first.
    My computers are behind the second pfsense.

    When I try to connect to my vpn through the two firewalls, I get this states :
    pfsense (1.0.1):
    udp  A.A.A.A:500 -> C.C.C.C:500 -> E.E.E.E:500  MULTIPLE:MULTIPLE
    udp E.E.E.E:500 <- A.A.A.A:500 MULTIPLE:MULTIPLE

    pfsense (1.0-RC3):
    udp  C.C.C.C:500 -> D.D.D.D:50232 -> E.E.E.E:500  MULTIPLE:MULTIPLE
    udp E.E.E.E:500 <- C.C.C.C:500 MULTIPLE:MULTIPLE

    A.A.A.A = ip address of my computer
    B.B.B.B = ip address of pfsense (1.0.1) lan nic
    C.C.C.C = ip address of pfsense (1.0.1) wan nic
    D.D.D.D = ip address of pfsense (1.0-RC3) opt1 nic
    E.E.E.E = ip address of the VPN server

    I cannot connect two computers to the vpn.
    I think it is because the second pfsense (1.0.1) do not rewrite the isakmp port number.
    So I have this in the end
    Client port :500
    pfsense (1.0.1) port : 500
    pfsense (1.0-RC3) port : random

    Does anyone have an idea how to fix it ?

    0
  • P

    I found a solution to my problem, I do not think it is a good solution but it works good for the moment.

    on the pfsense (1.0.1) I just activated the "Enable advanced outbound NAT".

    0
Log in to reply
 

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© 2020 Rubicon Communications, LLC | Privacy Policy