• Hi,

    I'm trying to configure an IpSec tunnel between two PfSense firewall both version
    built on Sun Oct 29 01:07:16 UTC 2006

    One one side PfSense WAN has a static ip address:


    and CARP IP til xx.xx.xx.222

    When I try to create a tunnel, I can only select which interface to listen to (WAN, DMZ, LAN) but how can I specify which IP to use?

    On the WAN static IP I forward IpSec port to a Win2003 server. So i need to specify one of the CARP IP as interface to listen to (the other side will use this ip as remote gateway)

    Is this possible?

    Thanks in advance,


  • Another problem I found…

    on the other PfSense when i try to start IpSec I get an error in racoon.conf line 2

    listen {
    isakmp  [500];


    i found this in the file.

    This pfsense has a WAN with a static private IP 192.168.xx.xx and four VirtuaIp public configured.

    i tried to modify the file this way:

    listen {
    isakmp xx.xx.xx.149 [500];


    but when i restart racoon it is overwritten with the old vesion.


  • Hint: VPN>ipsec, failover ipsec tab

  • Can I use FailOver Ipsec even if the vpn won't actually be a failover connection?

    I'll try this way, thanks

  • What about the error in racoon.conf line 2? any hint  ???


  • Thats fixed in a recent snapshot.

  • latest snapshot is stable enough for production enviroinment?

    The version I'm using now (1.0.1) is working great and very stable  ;D

    Thanks in advance,

  • We consider the releng1 snapshots as pretty stable. Only usability updates and bugfixes go into this branch. It's not like we are reinventing a new system here. Thet's what the head code tree is for. However, backing up your config before you upgrade won't hurt.

  • Ok, thanks  ;D