Netgate Discussion Forum

    pfSense 2.0 <-> 2.01 IPsec VPN

    4 Posts 3 Posters 2.2k Views
    • zounder1

      I'm currently struggling to get a pfSense 2.0 <-> 2.01 IPsec VPN going.

      I am new to pfSense but have extensive experience with IPsec VPNs, so I am quite comfortable with the setup.

      So here goes:
      Box1 pfSense 2.0
      Box2 pfSense 2.01

      Box1 is configured for two VPNs.
      VPN1 -->  Dedicated VPN with an IPCop box.  This connection works perfectly.
      VPN2 -->  Trying to connect Box1 and Box2.

      Box2 is configured for one VPN.
      VPN1  --> Trying to connect Box1 and Box2.

      I have read in some posts to add an entry in the Firewall--IPsec section, but I really question why I should have to do that manually.  The VPN created between Box1:pfSense--IPCop has no entries in the Firewall--IPsec section and things work perfectly fine there.  (Pinging between the two networks is fine.)  So why should I need to create a manual entry in one instance and not in another?  It would appear that IPsec created an appropriate firewall rule with the IPCop VPN.

      So, before I get into any more details, I would like to ask: is anyone running an IPsec VPN tunnel between pfSense 2.0 and 2.01?  I just want to check and see if this is possibly simply a version problem.

      I ask as the settings seem to be perfect for the setup.  The VPN even says it is up, but simple pinging between the two networks does not work.

      • maldex

        Does only pinging or also TCP/UDP work? (Sorry, I had quite a hard time with ICMP at first and always also check telnetting s/t.)

        Did you maybe upgrade the Box1 <-> IPCop configuration from a 2Beta and create the Box1 <-> Box2 on 2.0? I might have seen the same between 2.0 and 2.0 a while ago, but we just redid this particular installation fresh with 2.01, so I can't entirely confirm.

        On the other hand, I really appreciate this feature :). Is this then a problem for you or are you just wondering?

        cheers
        Josh

        • cmb

          The IPsec rules control what traffic is permitted inbound from the VPN; it's always required if you want to permit any traffic in over the VPN.

          • zounder1

            @cmb:

            The IPsec rules control what traffic is permitted inbound from the VPN; it's always required if you want to permit any traffic in over the VPN.

            Thank you.  That helped.  I was perplexed as my VPN pfSense <-> IPCop was working from the pfSense network to the IPCop network (and that is the direction of most traffic).  But when I checked the network from IPCop to pfSense, it was not working.

            I added some IPsec firewall rules in pfSense and things started working fine!

            Thanks again.

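
The behaviour discussed in this thread, sketched in pf syntax (pfSense's underlying packet filter) as an added example that is not part of the original posts and not pfSense's generated ruleset. The subnets and the LAN interface name `em1` are constructed assumptions; `enc0` is the interface that rules on the IPsec tab apply to.

```pf
# Constructed values for illustration only.
local_lan  = "192.168.10.0/24"   # network behind this pfSense box (assumed)
remote_lan = "192.168.20.0/24"   # network behind the remote peer (assumed)
lan_if     = "em1"               # LAN interface name (assumed)

# Default policy: inbound traffic that no rule passes is dropped on every
# interface, including decrypted traffic arriving from the tunnel on enc0.
block in log all

# Outbound traffic is permitted and tracked.
pass out all keep state

# LAN rule: local hosts may open connections to the remote network.
# The state entries let the replies come back in through the tunnel,
# which is why traffic initiated from this side works with no IPsec rule.
pass in quick on $lan_if inet from $local_lan to $remote_lan keep state

# IPsec rule: connections initiated by the remote side arrive on enc0 and
# hit only the default block until a rule like this one exists.
pass in quick on enc0 inet from $remote_lan to $local_lan keep state

# Narrower alternative to the rule above: permit only what the remote
# site needs instead of the whole subnet pair (ports are examples).
# pass in quick on enc0 inet proto tcp from $remote_lan to $local_lan \
#     port { 22, 443 } keep state
# pass in quick on enc0 inet proto icmp from $remote_lan to $local_lan \
#     icmp-type echoreq keep state
```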