Netgate Discussion Forum

    Hi, I am a newbie. I built IPsec between pfSense and pfSense, but I found a bug

      blackjack550

      Hi,
        I tested IPsec between pfSense 1.2.3-release and pfSense 1.2.3-release in VMware, but I can't build the tunnel. All of the configuration has been set up successfully. So I use

      ifconfig gif0 create
      ifconfig gif0 [intra-src.] [intra-dst.]
      ifconfig gif0 tunnel [extra-src.] [extra-dst.]
      
      

      Then I can build the tunnel, but I can't reboot the server, as the tunnel will disappear.
      Is this a bug in pfSense?

        jimp Rebel Alliance Developer Netgate

        IPsec tunnels work fine on their own, you do not need to manually create any gif interfaces. It's more than likely a configuration bug, but we need a lot more detail about the settings you are trying to use on the tunnels to be sure.

          blackjack550

          Thanks for the reply.

          My environment is in VMware. I started four virtual servers. Two are pfSense, the other two are clients. The network of pfSense is bridged and customized.

          I found it has a tunnel device named enc0.
          My config is as follows:
          VPN: IPsec: Edit tunnel

          Mode Tunnel tunnel
          Interface  WAN
          DPD interval  seconds
          Local subnet Type:    LAN subnet
          Remote subnet  192.168.2.0/24
          Remote gateway  10.48.255.252

          Phase 1 proposal (Authentication)
          Negotiation mode  main

          My identifier  My IP address 
          Encryption algorithm  AES-256
          Must match the setting chosen on the remote side. 
          Hash algorithm  SHA1
          Must match the setting chosen on the remote side. 
          DH key group 2
          1 = 768 bit, 2 = 1024 bit, 5 = 1536 bit
          Must match the setting chosen on the remote side. 
          Lifetime  28800 seconds
          Authentication method  Pre-shared key
          Must match the setting chosen on the remote side.
          Pre-Shared Key  xxxxxxx

          Phase 2 proposal (SA/Key Exchange)
          Protocol  ESP
          ESP is encryption, AH is authentication only 
          Encryption algorithms 
          AES-256

          Hint: use 3DES for best compatibility or if you have a hardware crypto accelerator card. Blowfish is usually the fastest in software encryption. 
          Hash algorithms  SHA1

          PFS key group  2
          1 = 768 bit, 2 = 1024 bit, 5 = 1536 bit
          Lifetime  seconds

          Other server:
          VPN: IPsec: Edit tunnel

          Mode Tunnel tunnel
          Interface  WAN
          DPD interval  seconds
          Local subnet Type:    LAN subnet
          Remote subnet  192.168.0.0/24
          Remote gateway  10.48.255.251

          Phase 1 and Phase 2 are the same as on the first host.
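
A site-to-site tunnel only comes up when each side's settings mirror the other's, which is the kind of configuration mismatch the reply above asks about. The following is an added example, not part of the thread and not pfSense code: a small Python check over the two "Edit tunnel" forms posted above. The dictionary layout and function names are hypothetical, and each side's own WAN IP and LAN subnet are assumptions inferred from what the other side points at, since the forms only show "LAN subnet".

```python
import ipaddress

# Constructed from the two forms in the thread. wan_ip and local_subnet are
# assumptions (inferred from the peer's remote gateway / remote subnet).
# Phase 2 lifetime is left out because the posted form shows no value for it.
SITE_A = {
    "wan_ip": "10.48.255.251", "local_subnet": "192.168.0.0/24",
    "remote_gateway": "10.48.255.252", "remote_subnet": "192.168.2.0/24",
    "p1": {"mode": "main", "enc": "AES-256", "hash": "SHA1", "dh": 2, "lifetime": 28800},
    "p2": {"proto": "ESP", "enc": "AES-256", "hash": "SHA1", "pfs": 2},
}
SITE_B = {
    "wan_ip": "10.48.255.252", "local_subnet": "192.168.2.0/24",
    "remote_gateway": "10.48.255.251", "remote_subnet": "192.168.0.0/24",
    "p1": dict(SITE_A["p1"]), "p2": dict(SITE_A["p2"]),
}


def one_way(name, local, peer):
    """Check that `local` points at `peer` correctly; return problem strings."""
    problems = []
    if ipaddress.ip_address(local["remote_gateway"]) != ipaddress.ip_address(peer["wan_ip"]):
        problems.append(f"{name}: remote gateway is not the peer's WAN IP")
    remote = ipaddress.ip_network(local["remote_subnet"], strict=False)
    peer_lan = ipaddress.ip_network(peer["local_subnet"], strict=False)
    if remote != peer_lan:
        problems.append(f"{name}: remote subnet {remote} != peer local subnet {peer_lan}")
    if ipaddress.ip_network(local["local_subnet"], strict=False).overlaps(remote):
        problems.append(f"{name}: local and remote subnets overlap")
    return problems


def check_pair(a, b):
    """Return every mismatch between two tunnel definitions (empty list = mirrored)."""
    problems = one_way("A", a, b) + one_way("B", b, a)
    for phase in ("p1", "p2"):
        for key in sorted(set(a[phase]) | set(b[phase])):
            if a[phase].get(key) != b[phase].get(key):
                problems.append(f"{phase} {key}: A={a[phase].get(key)!r} B={b[phase].get(key)!r}")
    return problems


if __name__ == "__main__":
    for line in check_pair(SITE_A, SITE_B) or ["settings mirror each other"]:
        print(line)
```

With the values as posted (and the inferred ones), the check reports no mismatch, so the cause would have to lie in something the forms do not show, such as the pre-shared key, firewall rules or the VMware networking.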
