4. Pfsense 2.0 <–-> 2.01 IPsec VPN

Pfsense 2.0 <–-> 2.01 IPsec VPN

  • Z

    I'm currently struggling to get an PFsense 2.0 <–-> 2.01 IPsec vpn going.

    I am new with PFsense but have extensive experience with IPsec VPNs so I am quite comfortable with setup.

    So here goes:
    Box1 PFsense 2.0
    Box2 PFsense 2.01

    Box1 is configured for two VPNs.
    VPN1 -->  Dedicated vpn with an IPcop box.  This connection works perfectly
    VPN2 -->  Trying to connect Box1 and Box2.

    Box2 is configured for one VPN
    VPN1  --> Trying to connect Box1 and Box2

    I have read in some posts to add an entry in the Firewall--IPSec section, but I really question why I should have to do that manually.  The VPN created between Box1:PFsense--IPCop has no entries in the Firewall-IPSec section and things work perfectly fine there.  (Pinging between the two networks is fine.)  So why should I need to create a manual entry in one instance and not in another?  It would appear that IPsec created an appropriate firewall rule with the IPcop VPN.

    So, before I get into anymore details, I would like to ask.  Is anyone running an IPsec VPN tunnel between PFsense 2.0 and 2.01?  I just want to check and see if this is possibly simply a version problem.

    I ask as the settings seem to be perfect for the setup.  The VPN even says is it up, but simple pinging between the two networks does not work.

    0
  • M

    Does only pinging or also TCP/UDP work? (sorry i had quite some hard time with ICMP at first and always also check telneting s/t).

    Did you maybe upgrade Box1 <-> IPcop configuration from a 2Beta and created the Box1 <-> Box2 on 2.0? I might saw the same between 2.0 and 2.0 a while ago, but we just redid this particular installation fresh with 2.01. So can't entirely confirm.

    On the other hand i really appreciate this feature :). Is this then a problem for you or are you just wondering?

    cheers
    Josh

    0
  • C

    The IPsec rules control what traffic is permitted inbound from the VPN, it's always required if you want to permit any traffic in over the VPN.

    0
  • Z

    @cmb:

    The IPsec rules control what traffic is permitted inbound from the VPN, it's always required if you want to permit any traffic in over the VPN.

    Thank you.  That helped.  I was perplexed as my VPN pfSense <–-> IPCop* was working from the pfSense network to the IPCop network.  (And that is the direction of most traffic) But when I checked the network from IPcop to pfSense it was was not working.

    I added some IPSec firewall rules in pfSense and things started working fine!

    Thanks again.

    0
Log in to reply
 

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2019 Rubicon Communications, LLC | Privacy Policy