Mobile/IPsec can't access LAN anymore

  • Dear All,

    Using pfSense 2.01 we have configured a Mobile IPsec tunnel.

    Client tunnels are established between the clients and the pfSense box, and the clients are able to access/connect to LAN computers.

    What happens is:
    after a while the client loses the LAN connection and can't access the computers anymore.

    pfSense IPsec is configured as:

    Mobile Clients
    Enable IPsec Mobile Client Support
    User Authentication: system
    Group Authentication: system

    Checked Provide a virtual IP address to clients
    Checked Provide a list of accessible networks to clients
    Checked Save Xauth Password

    Phase 1
    Authentication method : Mutual PSK + Xauth
    Negotiation Mode      : Aggressive
    Server Identifier     : My IP Address
    Peer Identifier       : some-name-here
    Pre-Shared Key        : goodpassword
    Policy Generation     : unique
    Proposal Checking     : Obey
    Encryption Algorithm  : AES 256 bits
    Hash Algorithm        : SHA1
    DH Key Group          : 2
    Lifetime              : 86400
    NAT Traversal         : Enable
    Dead Peer Detection   : none

    Phase 2
    Mode                  : Tunnel
    Local Network         : LAN subnet
    Protocol              : ESP
    Encryption Algorithms : AES 256 bits
    Hash Algorithms       : SHA1, MD5
    PFS Key Group         : Off
    Lifetime              : 28800

    What error should I look for? I tried the IPsec logs with no luck. Please advise.


  • Some snippets of the contents of the IPsec logs would probably be helpful to diagnose this.

    I was seeing the same problem you mention, where later connections would fail to pass traffic. I could temporarily work around the issue by disabling IPsec and then re-enabling IPsec on the pfSense and then reconnecting the client, but the problem would eventually return.

    Setting the policy generation to "unique" was the longer-term fix for me. I see you have that set, but you have some other settings configured non-typically (if there is such a thing for IPsec ;) ).

    Anyway, you might try rebuilding your connection following this,

    with the exception of configuring the policy generation setting to "unique" instead of "default" as depicted in the howto.

    That is how I have things set up currently, and I haven't seen the issue return.
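
The reply above asks for IPsec log snippets before guessing further. As an added example (not from this thread and not pfSense or racoon code), here is a small Python triage script of the kind a practitioner would run over the exported IPsec log: it walks the lines in order, tracks per-client whether a phase 1 (ISAKMP) SA and at least one live phase 2 (IPsec) SA exist, and flags clients that still have phase 1 but no phase 2 SA, which is exactly the "tunnel shows connected but nothing on the LAN is reachable" state described in the thread. The log line format, the gateway address `198.51.100.1`, the client addresses and the `SAMPLE_LOG` contents are constructed assumptions that imitate racoon-style messages; adjust the two regular expressions to match the real lines from Status > System Logs > IPsec.

```python
"""Triage racoon-style IPsec log lines to find clients whose phase 1 SA is
up but whose phase 2 (ESP) SAs have all expired or been deleted.

Added example, not code from the forum thread or from pfSense/racoon.
Line format, addresses and SAMPLE_LOG are constructed for illustration.
"""
import re
from collections import defaultdict

GATEWAY = "198.51.100.1"  # assumed pfSense WAN address in the sample

# Constructed sample log (not real racoon output). Client .10 completes
# phase 1 and phase 2, later both of its ESP SAs expire and only phase 1
# is renegotiated; client .77 keeps a live ESP SA throughout.
SAMPLE_LOG = """\
Jan 10 08:00:01 racoon: INFO: ISAKMP-SA established 198.51.100.1[4500]-203.0.113.10[4500] spi:0x11
Jan 10 08:00:02 racoon: INFO: IPsec-SA established: ESP/Tunnel 198.51.100.1[4500]->203.0.113.10[4500] spi=0x21
Jan 10 08:00:02 racoon: INFO: IPsec-SA established: ESP/Tunnel 203.0.113.10[4500]->198.51.100.1[4500] spi=0x22
Jan 10 08:01:00 racoon: INFO: ISAKMP-SA established 198.51.100.1[4500]-203.0.113.77[4500] spi:0x12
Jan 10 08:01:01 racoon: INFO: IPsec-SA established: ESP/Tunnel 198.51.100.1[4500]->203.0.113.77[4500] spi=0x23
Jan 10 16:00:02 racoon: INFO: IPsec-SA expired: ESP/Tunnel 198.51.100.1[4500]->203.0.113.10[4500] spi=0x21
Jan 10 16:00:02 racoon: INFO: IPsec-SA expired: ESP/Tunnel 203.0.113.10[4500]->198.51.100.1[4500] spi=0x22
Jan 10 16:00:05 racoon: INFO: ISAKMP-SA established 198.51.100.1[4500]-203.0.113.10[4500] spi:0x13
"""

# Assumed patterns; tune these to the real log lines.
ISAKMP_RE = re.compile(r"ISAKMP-SA established (\S+?)\[\d+\]-(\S+?)\[\d+\]")
IPSEC_RE = re.compile(
    r"IPsec-SA (established|expired|deleted): ESP/Tunnel (\S+?)\[\d+\]->(\S+?)\[\d+\]"
)


def _peer_of(a, b, gateway):
    """Return whichever of the two addresses is not the gateway."""
    return b if a == gateway else a


def classify(s):
    """Map a per-peer state record to a one-word status."""
    if s["phase2_live"] > 0:
        return "ok"           # at least one ESP SA: traffic can flow
    if s["phase1"]:
        return "phase1-only"  # ISAKMP SA up, no ESP SA: LAN unreachable
    return "no-sa"


def triage(log_text, gateway=GATEWAY):
    """Replay the log in order and return {peer_address: status}."""
    state = defaultdict(lambda: {"phase1": False, "phase2_live": 0, "last": None})
    for line in log_text.splitlines():
        stamp = line[:15]  # syslog-style "Mon DD HH:MM:SS" prefix
        m = ISAKMP_RE.search(line)
        if m:
            peer = _peer_of(m.group(1), m.group(2), gateway)
            state[peer]["phase1"] = True
            state[peer]["last"] = stamp
            continue
        m = IPSEC_RE.search(line)
        if m:
            event, src, dst = m.groups()
            peer = _peer_of(src, dst, gateway)
            if event == "established":
                state[peer]["phase2_live"] += 1
            else:  # expired or deleted
                state[peer]["phase2_live"] = max(0, state[peer]["phase2_live"] - 1)
            state[peer]["last"] = stamp
    return {peer: classify(s) for peer, s in state.items()}


if __name__ == "__main__":
    for peer, status in sorted(triage(SAMPLE_LOG).items()):
        print(f"{peer:15s} {status}")
```

A client reported as `phase1-only` is the one to look at first: its last phase 2 lifetime has run out and no new ESP SA followed, so compare the timestamp of that expiry with the Phase 2 lifetime configured above (28800 seconds) and with the moment the client noticed the LAN disappearing.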
