Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Mobile/ipsec cant access LAN anymore

    IPsec
    2
    2
    2.7k
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • G
      gooldin
      last edited by

      Dear All,

      using pfsense 2.01 we have configured Mobile IPSec tunnel

      clients tunnel established between clients and pfsense box and able to access/connect to LAN Computers.

      What happens is:
      after a while the client lost The LAN connection and cant access to the computers anymore.

      pfsense ipsec configured as:

      Mobile Clients
      Enable IPsec Mobile Client Support
      User Authentication: system
      Group Authentication: system

      Checked Provide a virtual IP address to clients
      network: 10.0.0.30/28
      Checked Provide a list of accessible networks to clients
      Checked Save Xauth Password

      Phase 1
      Authentication methos  :Mutual PSK + Xauth
      Negotiation Mode      : Aggressive
      Server Identifier    : My IP Address
      Peer identifier    :some-name-here
      Pre-Shared Key  :goodpassword
      Policy Generation  :unique
      Proposal Checking  : Obey
      Encryption Algorithm  : AES 256 bits
      Hash Algorithm        : SHA1
      DH Key Group          : 2
      Lifetime              : 86400
      NAT Traversal    : Enable
      Dead Peer Detection  :none

      Phase 2
      Mode      :Tunnel
      Local Network  :LAN subnet
      Protocol              : ESP
      Encryption Algorithms : AES 256 bits
      Hash Algorithms      : SHA1, MD5
      PFS Key Group        : Off
      Lifetime              : 28800

      what error i should look for  ??? trying IPSEC logs, with no luck, please your advice?

      Thanks

      1 Reply Last reply Reply Quote 0
      • B
        boogieshafer
        last edited by

        some snippets of the the contents of the ipsec logs would probably be helpful to diagnose

        i was seeing the same problem you mention where later connections would fail to pass traffic, and i could temporarily work around the issue by disabling IPSEC and then re-enabling IPSEC on the pfsense and then reconnecting the client…the problem would eventually return

        setting the policy generation to "unique" was the longer term fix for me, and i see you have that set but you have some other settings configured non-typical (if there is such a thing for ipsec ;) )

        anyway, you might try rebuilding your connection following this
        http://dekapitein.vorkbaard.nl/tech-1/how-to-set-up-ipsec-tunneling-in-pfsense-2-0-release-for-road-warriors

        with the exception of configuring the policy generation setting to unique instead of default as is depicted in the howto

        that is how i have things setup currently and havent seen the issue return

        1 Reply Last reply Reply Quote 0
        • First post
          Last post
        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.