Mobile/IPsec can't access LAN anymore



  • Dear All,

    Using pfSense 2.01, we have configured a Mobile IPsec tunnel.

    The client tunnel is established between the clients and the pfSense box, and the clients are able to access/connect to LAN computers.

    What happens is:
    After a while the client loses the LAN connection and can't access the computers anymore.

    pfsense ipsec configured as:

    Mobile Clients
    Enable IPsec Mobile Client Support
    User Authentication: system
    Group Authentication: system

    Checked Provide a virtual IP address to clients
    network: 10.0.0.30/28
    Checked Provide a list of accessible networks to clients
    Checked Save Xauth Password

    Phase 1
    Authentication method : Mutual PSK + Xauth
    Negotiation Mode      : Aggressive
    Server Identifier     : My IP Address
    Peer identifier       : some-name-here
    Pre-Shared Key        : goodpassword
    Policy Generation     : unique
    Proposal Checking     : Obey
    Encryption Algorithm  : AES 256 bits
    Hash Algorithm        : SHA1
    DH Key Group          : 2
    Lifetime              : 86400
    NAT Traversal         : Enable
    Dead Peer Detection   : none

    Phase 2
    Mode                  : Tunnel
    Local Network         : LAN subnet
    Protocol              : ESP
    Encryption Algorithms : AES 256 bits
    Hash Algorithms       : SHA1, MD5
    PFS Key Group         : Off
    Lifetime              : 28800

    What error should I look for? I am trying the IPsec logs, with no luck. Your advice, please?

    Thanks



  • Some snippets of the contents of the IPsec logs would probably be helpful to diagnose.

    I was seeing the same problem you mention, where later connections would fail to pass traffic, and I could temporarily work around the issue by disabling IPsec and then re-enabling IPsec on the pfSense and then reconnecting the client… the problem would eventually return.

    Setting the policy generation to "unique" was the longer-term fix for me, and I see you have that set, but you have some other settings configured non-typically (if there is such a thing for IPsec ;) ).

    Anyway, you might try rebuilding your connection following this:
    http://dekapitein.vorkbaard.nl/tech-1/how-to-set-up-ipsec-tunneling-in-pfsense-2-0-release-for-road-warriors

    with the exception of configuring the policy generation setting to unique instead of default as is depicted in the howto.

    That is how I have things set up currently, and I haven't seen the issue return.

