Mobile User IPSec, connect but no packets?



  • As my office firewall, I am testing pfSense 2.0-RC1 (i386), built on Tue Apr 19 23:38:23 EDT 2011.

    I have two Netgate routers with pfSense 1.2.3 installed on them that I send out with my colleagues to provide a temporary IPSec tunnel back to the office from wherever they are. The Mobile user VPN has made this very easy.

    However, with 2.0-RC1 I can't seem to get any packets to transfer between the main and remote routers, even though it appears that the tunnel is up. When I set up a "normal" tunnel on both endpoints (i.e., not "Mobile client" on the main router), then traffic flows freely.

    I've tried to search for this issue in the forums but didn't come across anything that seemed just like mine. One post that did seemed to note that it was a known problem, but I can't find it mentioned anywhere else on the forum or in the bug tracker.

    Is this something that anyone else is seeing?

    I can make it work with the non-Mobile clients, but it was nice to not have to determine the remote IP address and update the phase1 entry each time my colleagues moved to a different location.


  • Rebel Alliance Developer Netgate

    Not sure what the issue might be with the mobile tunnel deal, but you don't have to update the IP like that. Set up dyndns on the remote site and refer to it by hostname instead of IP address. That will update automatically and reconnect even when the IP changes. (Provided that the dyndns client on the remote side updates properly, of course…)



  • @jimp:

    Set up dyndns on the remote site and refer to it by hostname instead of IP address. That will update automatically and reconnect even when the IP changes. (Provided that the dyndns client on the remote side updates properly, of course…)

    Good idea. Works great!

