Act as only responder IPSec tunnel endpoint
-
Hi all,
I'm ready to try pfSense in order to replace a non-working configuration with a Netgear FVS338. Basically I have 17 remote UMTS routers that have to tunnel each local network to my central network.
Central network behind Netgear (will be pfSense):
192.168.1.0
255.255.255.0
Remote networks:
10.0.xxx.0
255.255.255.0
with xxx from 1 to 17
I have dynamic IPs on the UMTS routers: Netgear permits configuring phase 1 as "Responder" in order to not specify the remote gateway IP.
How can I do this with pfSense?
I can't go with mobile clients, I suppose, because I have to access the remote local networks.
Thanks
-
Hi,
You need to use the mobile clients config because UMTS networks are not reachable from external networks.
Example for 1 Site:
1. central pfSense:
go to System / User Manager
create a user group, e.g. remoteaccess, with privileges: User - VPN - IPsec xauth Dialin
create 17 users in the User Manager with pre-shared keys, e.g. site1 - site17, and add them to the group remoteaccess
go to IPsec -> Mobile clients -> enable IKE mobile extension -> save
create phase 1
create phase 2
create a firewall rule for each mobile subnet on the IPsec tab
e.g.: allow any traffic from subnet e.g. 10.0.1.0/24 to 192.168.1.0/24
or one for all: allow any traffic from subnet 10.0.0.0/19 to 192.168.1.0/24
-
part 2:
UMTS pfSense:
create phase 1
my identifier: keyID tag = <user>
pre-shared key = <userkey>
create phase 2
create IPsec firewall rule:
e.g.: allow any traffic from central subnet 192.168.1.0/24 to e.g. 10.0.1.0/24
ping your central pfSense LAN IP, check your IPsec logs
If your UMTS routers are not pfSense you need to translate these settings. UMTS routers need to support NAT-T.
cya
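The two firewall-rule options in the reply above (one rule per /24 site, or a single 10.0.0.0/19 rule for all) differ in how much source space the IPsec-tab rule admits. As an added example, not code from the thread or from pfSense, this Python script computes the single prefix that covers all sites, lists the /24s the one-for-all rule admits beyond the 17 sites, and derives the smallest set of prefixes that admits exactly the sites; the 17 site subnets are constructed from the thread's 10.0.1.0/24 .. 10.0.17.0/24.

```python
import ipaddress

# Constructed from the thread: 17 UMTS sites at 10.0.1.0/24 .. 10.0.17.0/24.
SITE_SUBNETS = [ipaddress.ip_network(f"10.0.{n}.0/24") for n in range(1, 18)]
# The "one for all" source prefix suggested for the IPsec-tab rule.
ONE_FOR_ALL = ipaddress.ip_network("10.0.0.0/19")


def covering_supernet(nets):
    """Smallest single prefix that contains every network in nets."""
    net = min(nets)
    last = max(nets)
    while last.broadcast_address not in net:
        net = net.supernet()  # widen by one bit until the last site fits
    return net


def over_reach(rules, site_nets, prefixlen=24):
    """Prefixes of length prefixlen that the rules admit but no site uses."""
    site_set = set(site_nets)
    admitted = [s for r in rules for s in r.subnets(new_prefix=prefixlen)]
    return [s for s in admitted if s not in site_set]


def minimal_rule_set(site_nets):
    """Fewest prefixes that admit exactly the site subnets and nothing else."""
    return list(ipaddress.collapse_addresses(site_nets))


def covers_all(rules, site_nets):
    """True when every site subnet lies inside at least one rule prefix."""
    return all(any(s.subnet_of(r) for r in rules) for s in site_nets)


if __name__ == "__main__":
    print("covering prefix:", covering_supernet(SITE_SUBNETS))
    extra = over_reach([ONE_FOR_ALL], SITE_SUBNETS)
    print(f"/19 rule also admits {len(extra)} unused /24s: {extra[0]} .. {extra[-1]}")
    exact = minimal_rule_set(SITE_SUBNETS)
    print("exact rule set:", ", ".join(map(str, exact)))
    print("exact set covers all sites:", covers_all(exact, SITE_SUBNETS),
          "| over-reach:", over_reach(exact, SITE_SUBNETS))
```

The /19 shortcut is one rule but admits 15 unused /24s; the collapsed set needs five rules and admits only the 17 sites.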