2.0 IPsec LAN-to-LAN

  • Guys,

    How would I go about stipulating what my local and remote subnets are, like the following in v1.2.3?
    Can't see it anywhere on the tunnel page in 2.0.

  • In 2.0 you need to define a Phase 2 entry under the Phase 1 connection, and that's where the subnets are specified, since you can specify multiple subnets for a single Phase 1 in version 2.0.

  • How ridiculously stupid of me. I didn't submit the Phase 1 form … I do the silliest things sometimes :)

    Thanks David

  • No problem, it took me a while to figure it out myself originally, too; I was used to version 1.2.3, and there are no real docs for 2.0 yet in many ways, but I've done it a few times now (and read a lot in the forums), so I'd (almost!) consider myself a pro at version 2 IPsec now :-) Even got it working to Endian as the other endpoint in a site-to-site, and with iPhone from Mobile clients. Also, if you use the Shrew Soft VPN client, I have a forum post showing a tweak you need to make in the latest version to make it connect as a Mobile client.

    Once you're used to it, the configuration for IPsec in pfSense 2 is awesome, and very flexible. I can barely stand using 1.0 now because of the stuff in 2.0, such as using DHCP to assign IP addresses, and iPhone/Mobile support with multiple subnets (Phase 2s) accessible and pushed to the client with split DNS functional... pretty sweet setup! Even using most other IPsec endpoints like Endian feels so inflexible after using version 2! But fortunately pfSense has enough settings that, with some experimenting, you can usually get it working with pretty much any other IPsec endpoint, even though it's not nearly as flexible as pfSense-to-pfSense in range of options.

