pfSense 2.0 <--> 2.01 IPsec VPN



  • I'm currently struggling to get a pfSense 2.0 <--> 2.01 IPsec VPN going.

    I am new to pfSense but have extensive experience with IPsec VPNs, so I am quite comfortable with the setup.

    So here goes:
    Box1 PFsense 2.0
    Box2 PFsense 2.01

    Box1 is configured for two VPNs.
    VPN1 -->  Dedicated vpn with an IPcop box.  This connection works perfectly
    VPN2 -->  Trying to connect Box1 and Box2.

    Box2 is configured for one VPN
    VPN1  --> Trying to connect Box1 and Box2

    I have read in some posts to add an entry in the Firewall--IPSec section, but I really question why I should have to do that manually.  The VPN created between Box1:PFsense--IPCop has no entries in the Firewall-IPSec section and things work perfectly fine there.  (Pinging between the two networks is fine.)  So why should I need to create a manual entry in one instance and not in another?  It would appear that IPsec created an appropriate firewall rule with the IPcop VPN.

    So, before I get into any more details, I would like to ask: is anyone running an IPsec VPN tunnel between pfSense 2.0 and 2.01?  I just want to check and see if this is possibly simply a version problem.

    I ask as the settings seem to be perfect for the setup.  The VPN even says it is up, but simple pinging between the two networks does not work.



  • Does only pinging or also TCP/UDP work? (Sorry, I had quite a hard time with ICMP at first and always also check telnetting s/t.)

    Did you maybe upgrade the Box1 <-> IPcop configuration from a 2Beta and create the Box1 <-> Box2 on 2.0? I might have seen the same between 2.0 and 2.0 a while ago, but we just redid this particular installation fresh with 2.01, so I can't entirely confirm.

    On the other hand I really appreciate this feature :). Is this then a problem for you or are you just wondering?

    cheers
    Josh



  • The IPsec rules control what traffic is permitted inbound from the VPN, it's always required if you want to permit any traffic in over the VPN.



  • @cmb:

    The IPsec rules control what traffic is permitted inbound from the VPN, it's always required if you want to permit any traffic in over the VPN.

    Thank you.  That helped.  I was perplexed as my VPN pfSense <--> IPCop* was working from the pfSense network to the IPCop network.  (And that is the direction of most traffic.) But when I checked the network from IPcop to pfSense it was not working.

    I added some IPSec firewall rules in pfSense and things started working fine!

    Thanks again.
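
An added example, not from any poster in this thread: a check for the situation described above, where a tunnel is up but nothing on the IPsec firewall tab permits inbound traffic from the remote subnet. It assumes the element names of a pfSense config.xml export (`ipsec/phase2/remoteid`, `filter/rule`, interface `enc0` for IPsec rules); verify them against your own backup. The subnets are constructed.

```python
import ipaddress
import xml.etree.ElementTree as ET

# Constructed sample shaped like a pfSense config.xml export (assumed element
# names, made-up subnets). Tunnel 1 has a pass rule on IPsec; tunnel 2 has none.
SAMPLE = """<pfsense><ipsec>
 <phase2><ikeid>1</ikeid><remoteid><type>network</type>
  <address>192.168.10.0</address><netbits>24</netbits></remoteid></phase2>
 <phase2><ikeid>2</ikeid><remoteid><type>network</type>
  <address>192.168.20.0</address><netbits>24</netbits></remoteid></phase2>
</ipsec><filter>
 <rule><type>pass</type><interface>wan</interface><source><any/></source></rule>
 <rule><type>pass</type><interface>enc0</interface>
  <source><address>192.168.10.0/24</address></source></rule>
 <rule><type>block</type><interface>enc0</interface>
  <source><address>192.168.20.0/24</address></source></rule>
</filter></pfsense>"""

IPSEC_IF = "enc0"  # assumed interface name carried by rules on the IPsec tab

def allowed_sources(root):
    """Source networks accepted by enabled pass rules on the IPsec interface."""
    nets = []
    for rule in root.findall("./filter/rule"):
        src = rule.find("source")
        if (rule.findtext("interface") != IPSEC_IF or rule.findtext("type") != "pass"
                or rule.find("disabled") is not None or src is None):
            continue
        addr = "0.0.0.0/0" if src.find("any") is not None else src.findtext("address")
        try:
            nets.append(ipaddress.ip_network(addr or "", strict=False))
        except ValueError:
            pass  # alias or interface-network source: not evaluated here
    return nets

def tunnels_without_inbound_rule(xml_text):
    """Return (ikeid, remote subnet) for tunnels that no IPsec pass rule can match."""
    root = ET.fromstring(xml_text)
    allowed = allowed_sources(root)
    missing = []
    for p2 in root.findall("./ipsec/phase2"):
        rid = p2.find("remoteid")
        if rid is None or rid.findtext("type") != "network":
            continue
        remote = ipaddress.ip_network(
            f"{rid.findtext('address')}/{rid.findtext('netbits')}", strict=False)
        if not any(remote.overlaps(net) for net in allowed):
            missing.append((p2.findtext("ikeid"), str(remote)))
    return missing
```

Rules whose source is an alias are skipped, so a tunnel reported here may still be covered by such a rule; treat the output as a list of tunnels to inspect by hand.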

