My first site-2-site ipsec tunnel with pfsense
-
Hello, I hope you can help me with this pfsense -> Juniper site-2-site VPN.
The objects are:
LAN (192.168.1.0/24) -> (192.168.1.21) pfsense (85.55.25.25 public IP) -> (85.55.25.20 public GTW) -> (85.55.20.20) juniper (10.13.20.20/30) -> (10.13.10.4/32) server
I'm in "LAN" and I've set up the VPN tunnel to the Juniper, I think with success (the cross icon on the IPsec status is yellow, but the DPD polls the destination every 10 secs for tunnel up and gets a response).
But I get this in the IPsec log:

Jan 29 17:32:01 racoon: DEBUG: encrypted.
Jan 29 17:32:01 racoon: [Unknown Gateway/Dynamic]: DEBUG: 92 bytes from 85.55.25.25[500] to 85.55.20.20[500]
Jan 29 17:32:01 racoon: [Unknown Gateway/Dynamic]: DEBUG: sockname 85.55.25.25[500]
Jan 29 17:32:01 racoon: [Unknown Gateway/Dynamic]: DEBUG: send packet from 85.55.25.25[500]
Jan 29 17:32:01 racoon: DEBUG: send packet to 85.55.20.20[500]
Jan 29 17:32:01 racoon: DEBUG: 1 times of 92 bytes message will be sent to 85.55.20.20[500]
Jan 29 17:32:01 racoon: DEBUG: 788bffa7 67841072 065d3eec 5f3f8d86 08100501 b05e1e42 0000005c b18b3520 2cc6078c f8e02583 c6583169 5736f457 bd30b3ed 68372cdc 11152f46 8603d17d 9220ccff 0ed576ac ab01504b c54d648c e4a539e0 0d00150c 1534697f
Jan 29 17:32:01 racoon: DEBUG: sendto Information notify.
Jan 29 17:32:01 racoon: DEBUG: IV freed
Jan 29 17:32:01 racoon: [BPM (P1)]: [85.55.20.20] DEBUG: DPD R-U-There sent (0)
Jan 29 17:32:01 racoon: [BPM (P1)]: [85.55.20.20] DEBUG: rescheduling send_r_u (5).
Jan 29 17:32:01 racoon: DEBUG: ===
Jan 29 17:32:01 racoon: DEBUG: 92 bytes message received from 85.55.20.20[500] to 85.55.25.25[500]
Jan 29 17:32:01 racoon: DEBUG: 788bffa7 67841072 065d3eec 5f3f8d86 08100501 52a1dd80 0000005c c82d2bac 432b123e c0506561 4f99a154 a2e57b7a ed8e6c64 ce228e9e ffb8a26e 25848201 31a6763e 386b1d90 8edafd1a 302df3f5 c06bf444 998713f5 d3ce873b
Jan 29 17:32:01 racoon: DEBUG: receive Information.
Jan 29 17:32:01 racoon: DEBUG: compute IV for phase2
Jan 29 17:32:01 racoon: DEBUG: phase1 last IV:
I've set up NAT Outbound from 192.168.1.0/24 to 10.13.20.20/30 (I must appear with this subnet on the remote network).
But I have no communication to the remote server 10.13.10.4. No ping, no services. The route table is:
IPv4
Destination        Gateway         Flags   Refs     Use    Mtu  Netif  Expire
default            85.55.25.20     UGS        0   16543   1500  em0
10.13.0.0/16       85.55.20.20     UGS        0      37   1500  em0
85.55.20.20        85.55.25.20     UGHS       0    3045   1500  em0
85.55.25.24/29     link#1          U          0   11308   1500  em0
85.55.25.25        link#1          UHS        0       0  16384  lo0
127.0.0.1          link#6          UH         0      51  16384  lo0
192.168.1.0/24     link#2          U          0    5294   1500  em1
192.168.1.21       link#2          UHS        0       0  16384  lo0
Many thanks
RR
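A small longest-prefix-match lookup over the routing table pasted above, to see which entry FreeBSD picks for the remote server and for the IPsec peer. This is an added example, not code from the post or from pfSense; the embedded table is the one from the post, reflowed one route per line, and the prefix match stands in for the kernel's own FIB lookup (it ignores interface scoping and the per-route details netstat does not print).

```python
"""Longest-prefix-match lookup over a FreeBSD/pfSense `netstat -rn` IPv4 table.

Added example, not part of the original post. ROUTE_TABLE is the table pasted
in the question, reflowed one route per line. Flag letters follow FreeBSD
netstat(1): U = up, G = gateway, H = host route, S = static.
"""
import ipaddress

ROUTE_TABLE = """\
Destination        Gateway         Flags   Refs     Use    Mtu  Netif  Expire
default            85.55.25.20     UGS        0   16543   1500  em0
10.13.0.0/16       85.55.20.20     UGS        0      37   1500  em0
85.55.20.20        85.55.25.20     UGHS       0    3045   1500  em0
85.55.25.24/29     link#1          U          0   11308   1500  em0
85.55.25.25        link#1          UHS        0       0  16384  lo0
127.0.0.1          link#6          UH         0      51  16384  lo0
192.168.1.0/24     link#2          U          0    5294   1500  em1
192.168.1.21       link#2          UHS        0       0  16384  lo0
"""


def parse_routes(text):
    """Parse netstat -rn lines into (network, gateway, flags, netif) tuples.

    A bare address in the Destination column is a host route (/32);
    'default' is 0.0.0.0/0. The header and any short line are skipped.
    """
    routes = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 7 or parts[0] == "Destination":
            continue
        dest, gateway, flags, netif = parts[0], parts[1], parts[2], parts[6]
        if dest == "default":
            dest = "0.0.0.0/0"
        network = ipaddress.ip_network(dest, strict=False)
        routes.append((network, gateway, flags, netif))
    return routes


def lookup(routes, dst):
    """Return the most specific route matching dst, or None if nothing matches."""
    addr = ipaddress.ip_address(dst)
    matches = [r for r in routes if addr in r[0]]
    if not matches:
        return None
    # Longest prefix wins, as in the kernel's routing lookup.
    return max(matches, key=lambda r: r[0].prefixlen)


def explain(routes, dst):
    """One-line description of how a packet to dst leaves the box."""
    hit = lookup(routes, dst)
    if hit is None:
        return f"{dst}: no route"
    network, gateway, flags, netif = hit
    how = f"via gateway {gateway}" if "G" in flags else f"on-link ({gateway})"
    return f"{dst} -> {network} {how}, {netif}, flags {flags}"


if __name__ == "__main__":
    table = parse_routes(ROUTE_TABLE)
    for target in ("10.13.10.4",    # remote server behind the Juniper
                   "85.55.20.20",   # IPsec peer (Juniper public address)
                   "192.168.1.50",  # a host on the LAN
                   "8.8.8.8"):      # anything else: default route
        print(explain(table, target))
```

Run against the pasted table, 10.13.10.4 is matched by the static 10.13.0.0/16 route via 85.55.20.20 on em0 rather than by the default route, and the peer 85.55.20.20 leaves through its own host route via the provider gateway 85.55.25.20. Whether packets taking a route are then picked up by the IPsec policy is a separate check: on the pfSense shell, `setkey -DP` dumps the SPD and `setkey -D` the SAD, which is where the phase 2 selectors (after the outbound NAT to 10.13.20.20/30) have to line up with what the Juniper expects.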
-
You can't use NAT and IPsec together unless you're on a recent 2.1 snapshot.