Tutorial to setup Mobile IPSEC

msonic

Hi,

I'm trying to setup mobile acces via ipsec.  but there's no tutorial for pfsense 2.0

can somebody help me with this ?

greetz.

Vorkbaard

Here you go: http://www.huijgen.com/tunnel/

msonic

Thanks man !!! ;)

it works like a charm , but still 1 question remains…
Xauth against a Radius server with shrewsoft client ?

i configured a radius server wich works on pptp already. This server settings i defined under users manager->servers also.
If i choose Mutal PSK+Xauth  what do i have to fill in  to get this working too.

when i search on the forums i see allot of trouble with this.

somebody ? ???

Vorkbaard

Sorry, can't help you there. But if you can get it to work it would be nice if I could add it to the howto.

msonic

Hi,

That would be a nice thing indeed…..

I read there is support for Xauth it in racoon , but it isn't  implemented in PF 2.0 right.  The "system" items are hardcoded in pfsense.
implementation wil be suggested for PF 2.1.

so we have to wait for this. :-\

greetzz.

msonic

Found a problem….

updated pfsense to 2.0-RC1 (i386) built on Mon Mar 7 12:03:17 EST 2011 and this broke IPsec stability.
now i experience problems with passing traffic trough the tunnel.

what i have tested sofar......

1)reset racoon via services (stop...start)
2)make a connection with shrewsoft client
3)now i can ping a host in the LAN at the firewall side from my client.
so far so good.....

4)disconnect the client and wait for 10 minutes.
5)connect the client again
6)ping to the same host in the LAN (point3)  ......get a timeout....
7)no host reachable at the firewall side.
Broke !!!!

when i start from step 1) it works again till step 4)

There is something wrong in this build.......i assume... ???

greetz...

msonic

For what i can see the time the tunnel breaks there stays a "IPsec security association" line under the SAD tab on sthe ipsec status page.

when this happens there is no traffic anymore at reastablishing the tunnel.

???

CDeLorme

I don't mean to re-open old threads, but I can't find any 2.0 documentation on these forums or elsewhere, and this guide has been down for a bit.

Does anyone have a copy of these instructions, or could share a working tutorial?

I setup PFSense for home user and to learn.  I do web development so I am familiar with computers, but I don't have lots of networking experience.  The 1.2.3 configuration guides have such a loose resemblance to 2.0 that it really isn't doing me any good.  I've been trying to get it working now for over a week so any aid would be greatly appreciated.

Vorkbaard

Sorry about that. I'll create a new one and post it here in a while. Stay tuned.

/Edit
I rewrote the howto and fixed the link. Good luck :)

alioune

Hi, I see this good document on "How to set up IPsec tunneling in PfSense 2.0-RELEASE for road warriors".
I just want to use RSA-signature and not PSK (pre-shared key). In this case, seek 1 tutorial on: How to set up IPsec tunneling in PfSense 2.0-RELEASE (or PfSense 1.2.3)  for road warriors using RSA-signature.
Regards !