Multiple Site-To-Site IPsec Problem
-
Hello, I have a pfSense instance with a static IP and the network 192.168.2.0/24.
Prior to my upgrade to 2.0-RELEASE (I think I was using build RC1), I had a setup similar to:
Phase 1 mobile tunnel, Mutual PSK, Aggressive Mode, 3DES, MD5, DH Group1, 28800 key lifetime
Phase 2 (a) ESP, 3DES, MD5, PFS Group1, 28800 key lifetime
…
Phase 2 (f) ESP, 3DES, MD5, PFS Group1, 28800 key lifetime
So 6 phase 2 entries for VPN endpoints that all have dynamic IP addresses. Each had a unique ID/PSK.
This configuration worked fine.
I upgraded to 2.0-RELEASE, and racoon would not start due to a configuration error.
I noticed that the line number of the error was related to the mobile VPN, so I deleted the phase 1/phase 2s for the dynamic IP sites.
I tried to re-create them, and I cannot create more than one Phase 2 with the same LAN.
Not only that, but not a single one will connect. All error out with "no valid sa" or "no remote configuration". I can post the full log, but I have racoon debug on at the moment and don't want to flood the post if I am missing something obvious (to others).
Any idea how I can get this config back with multiple phase 2's and the same LAN entry?
Thanks in advance for any advice.
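The layout the post describes, written out by hand as a racoon.conf fragment. This is an added example, not the configuration pfSense generates and not something from the original post: it assumes a hub WAN address of 203.0.113.10, spoke networks 10.0.1.0/24 through 10.0.6.0/24, user_fqdn identifiers of the form site-x@example.com, and the key file path /var/etc/psk.txt. The point it shows is that the six phase 2 entries can share the same local network because racoon distinguishes them by the remote network (and, optionally, by the peer identifier), while the dynamic-address spokes are all served by a single anonymous phase 1 whose pre-shared key is looked up per identifier.

```conf
# Added example (not from the post, not pfSense's generated config).
# Hub side of a hub-and-spoke IPsec setup: static hub, six spokes on
# dynamic addresses, aggressive-mode PSK phase 1, one phase 2 per spoke
# that reuses the hub's local network 192.168.2.0/24.
# All addresses, identifiers and paths below are assumptions.

path pre_shared_key "/var/etc/psk.txt";   # assumed location of the PSK file

# Phase 1: a single "remote anonymous" block accepts an initiator from any
# address, which is what dynamic-IP spokes need. Spokes are told apart by the
# identifier they send in aggressive mode; racoon uses that identifier to
# select the key from psk.txt, so no fixed peers_identifier is configured.
remote anonymous {
    exchange_mode aggressive;
    my_identifier address 203.0.113.10;    # assumed hub WAN address
    verify_identifier off;                 # no single peer ID to verify against
    generate_policy on;                    # spoke address is unknown in advance, so
                                           # let racoon install the SPD entries
    proposal_check obey;
    nat_traversal on;                      # assumed: spokes may sit behind NAT
    lifetime time 28800 sec;
    proposal {
        encryption_algorithm 3des;
        hash_algorithm md5;
        authentication_method pre_shared_key;
        dh_group 1;
    }
}

# Phase 2: one sainfo per spoke. The local network is identical in all six
# entries; what makes each one distinct is the remote network. The optional
# "from" clause (ipsec-tools racoon.conf syntax) additionally ties the entry
# to the spoke that presented that identifier in phase 1.
sainfo address 192.168.2.0/24 any address 10.0.1.0/24 any from user_fqdn "site-a@example.com" {
    encryption_algorithm 3des;
    authentication_algorithm hmac_md5;
    pfs_group 1;
    lifetime time 28800 sec;
    compression_algorithm deflate;
}

sainfo address 192.168.2.0/24 any address 10.0.2.0/24 any from user_fqdn "site-b@example.com" {
    encryption_algorithm 3des;
    authentication_algorithm hmac_md5;
    pfs_group 1;
    lifetime time 28800 sec;
    compression_algorithm deflate;
}

# Entries for site-c .. site-f follow the same pattern with 10.0.3.0/24 ..
# 10.0.6.0/24 and their own identifiers.

# --- /var/etc/psk.txt (assumed path; must be mode 0600 or racoon refuses it) ---
# One line per spoke: the identifier the spoke sends, then its secret.
# Identifiers must be unique, otherwise racoon cannot pick the right key.
#
# site-a@example.com  replace-with-secret-a
# site-b@example.com  replace-with-secret-b
# ...
# site-f@example.com  replace-with-secret-f
```

Two things to check against such a file if racoon still refuses to start or negotiates phase 1 but not phase 2: every sainfo must have a different (local, remote) network pair, since two entries with the same pair are indistinguishable to racoon, and each spoke must propose exactly the remote network that its sainfo names, otherwise no phase 2 entry matches its proposal.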
-
Just to update: after leaving this alone all night, I do see SAD and SPD entries for the dynamic IP sites, but no data is sent/received and I am unable to ping any of them.