Netgate Discussion Forum

    My first site-2-site ipsec tunnel with pfsense

    2 Posts 2 Posters 2.0k Views
remoz76

Hello, I hope you can help me with this pfSense->Juniper site-2-site VPN.
      The objects are:

      LAN(192.168.1.0/24) -> (192.168.1.21)pfsense(85.55.25.25 publicIP) -> (85.55.25.20 publicGTW) -> (85.55.20.20)juniper(10.13.20.20/30) -> (10.13.10.4/32)server
I'm in "LAN" and I've set up the VPN tunnel to the Juniper, I think with success (the cross icon on IPsec status is yellow, but DPD polls the destination every 10 secs for tunnel up and gets a response).
But I get this in the IPsec log:

      Jan 29 17:32:01 	racoon: DEBUG: encrypted.
      Jan 29 17:32:01 	racoon: [Unknown Gateway/Dynamic]: DEBUG: 92 bytes from 85.55.25.25[500] to 85.55.20.20[500]
      Jan 29 17:32:01 	racoon: [Unknown Gateway/Dynamic]: DEBUG: sockname 85.55.25.25[500]
      Jan 29 17:32:01 	racoon: [Unknown Gateway/Dynamic]: DEBUG: send packet from 85.55.25.25[500]
      Jan 29 17:32:01 	racoon: DEBUG: send packet to 85.55.20.20[500]
      Jan 29 17:32:01 	racoon: DEBUG: 1 times of 92 bytes message will be sent to 85.55.20.20[500]
      Jan 29 17:32:01 	racoon: DEBUG: 788bffa7 67841072 065d3eec 5f3f8d86 08100501 b05e1e42 0000005c b18b3520 2cc6078c f8e02583 c6583169 5736f457 bd30b3ed 68372cdc 11152f46 8603d17d 9220ccff 0ed576ac ab01504b c54d648c e4a539e0 0d00150c 1534697f
      Jan 29 17:32:01 	racoon: DEBUG: sendto Information notify.
      Jan 29 17:32:01 	racoon: DEBUG: IV freed
      Jan 29 17:32:01 	racoon: [BPM (P1)]: [85.55.20.20] DEBUG: DPD R-U-There sent (0)
      Jan 29 17:32:01 	racoon: [BPM (P1)]: [85.55.20.20] DEBUG: rescheduling send_r_u (5).
      Jan 29 17:32:01 	racoon: DEBUG: ===
      Jan 29 17:32:01 	racoon: DEBUG: 92 bytes message received from 85.55.20.20[500] to 85.55.25.25[500]
      Jan 29 17:32:01 	racoon: DEBUG: 788bffa7 67841072 065d3eec 5f3f8d86 08100501 52a1dd80 0000005c c82d2bac 432b123e c0506561 4f99a154 a2e57b7a ed8e6c64 ce228e9e ffb8a26e 25848201 31a6763e 386b1d90 8edafd1a 302df3f5 c06bf444 998713f5 d3ce873b
      Jan 29 17:32:01 	racoon: DEBUG: receive Information.
      Jan 29 17:32:01 	racoon: DEBUG: compute IV for phase2
      Jan 29 17:32:01 	racoon: DEBUG: phase1 last IV:
      

I've set up NAT Outbound from 192.168.1.0/24 to 10.13.20.20/30 (I must appear with this subnet on the remote network).
But I've no communication to the remote server 10.13.10.4. No ping, no services.

      The route table is:

IPv4
Destination      Gateway        Flags  Refs  Use    Mtu    Netif  Expire
default          85.55.25.20    UGS    0     16543  1500   em0
10.13.0.0/16     85.55.20.20    UGS    0     37     1500   em0
85.55.20.20      85.55.25.20    UGHS   0     3045   1500   em0
85.55.25.24/29   link#1         U      0     11308  1500   em0
85.55.25.25      link#1         UHS    0     0      16384  lo0
127.0.0.1        link#6         UH     0     51     16384  lo0
192.168.1.0/24   link#2         U      0     5294   1500   em1
192.168.1.21     link#2         UHS    0     0      16384  lo0


      Many thanks

      RR

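As an added example (not part of the original post, and not pfSense or racoon code), here is a small Python decoder for the fixed ISAKMP header that racoon prints as a hex dump at DEBUG level. It is fed the two 92-byte dumps quoted in the log above and recovers the fields the surrounding log text only hints at: the declared length (0x5c = 92 bytes, matching "92 bytes message"), exchange type 5 (Informational, matching "sendto Information notify"), the encryption flag (matching "encrypted") and the HASH next-payload, and it confirms that both messages belong to the same Phase 1 SA (identical cookies). Function names and the truncation check are my own; the field layout is RFC 2408 section 3.1.

```python
"""Decode the ISAKMP (IKEv1) header from racoon DEBUG hex-dump lines.

racoon logs every ISAKMP message as 32-bit words in hex. The first 28 bytes
are the fixed header (RFC 2408, section 3.1):

    Initiator Cookie (8) | Responder Cookie (8) | Next Payload (1) |
    Version (1) | Exchange Type (1) | Flags (1) | Message ID (4) | Length (4)

Decoding it tells you which IKE exchange a noisy debug log is showing,
e.g. a DPD Informational rather than a Quick Mode (Phase 2) negotiation.
"""
import re
import struct

# Value names per RFC 2408 (payload types, exchange types, flag bits).
NEXT_PAYLOAD = {0: "NONE", 1: "SA", 2: "P", 3: "T", 4: "KE", 5: "ID", 6: "CERT",
                7: "CR", 8: "HASH", 9: "SIG", 10: "NONCE", 11: "N", 12: "D", 13: "VID"}
EXCHANGE_TYPE = {0: "NONE", 1: "Base", 2: "Identity Protection",
                 3: "Authentication Only", 4: "Aggressive", 5: "Informational",
                 32: "Quick Mode", 33: "New Group"}
FLAG_ENCRYPTION, FLAG_COMMIT, FLAG_AUTH_ONLY = 0x01, 0x02, 0x04

HEX_WORD = re.compile(r"\b[0-9a-f]{8}\b")


def hexdump_to_bytes(line):
    """Extract the 8-hex-digit words after 'DEBUG:' and join them into bytes."""
    payload = line.split("DEBUG:", 1)[-1]   # drop timestamp / process prefix
    return bytes.fromhex("".join(HEX_WORD.findall(payload)))


def parse_isakmp_header(data):
    """Return the fixed ISAKMP header fields as a dict; raise on short input."""
    if len(data) < 28:
        raise ValueError("need at least 28 bytes for an ISAKMP header, got %d" % len(data))
    icookie, rcookie, next_payload, version, exch, flags, msgid, length = \
        struct.unpack("!8s8sBBBBII", data[:28])
    return {
        "initiator_cookie": icookie.hex(),
        "responder_cookie": rcookie.hex(),
        "next_payload": NEXT_PAYLOAD.get(next_payload, str(next_payload)),
        "version": "%d.%d" % (version >> 4, version & 0x0F),
        "exchange_type": EXCHANGE_TYPE.get(exch, str(exch)),
        "encrypted": bool(flags & FLAG_ENCRYPTION),
        "commit": bool(flags & FLAG_COMMIT),
        "message_id": "%08x" % msgid,
        "length": length,
        # Fewer dumped bytes than the declared length means the log line was cut off.
        "dump_complete": len(data) >= length,
    }


def decode_log_line(line):
    """Convenience wrapper: racoon DEBUG line -> decoded ISAKMP header."""
    return parse_isakmp_header(hexdump_to_bytes(line))


def same_phase1_sa(hdr_a, hdr_b):
    """Two IKEv1 messages share a Phase 1 SA when both cookies match."""
    return (hdr_a["initiator_cookie"] == hdr_b["initiator_cookie"]
            and hdr_a["responder_cookie"] == hdr_b["responder_cookie"])


# The two hex dumps copied from the racoon log in the post above: the DPD
# R-U-There that pfSense sent, and the 92-byte reply received from the peer.
SENT = ("Jan 29 17:32:01 racoon: DEBUG: 788bffa7 67841072 065d3eec 5f3f8d86 08100501 "
        "b05e1e42 0000005c b18b3520 2cc6078c f8e02583 c6583169 5736f457 bd30b3ed "
        "68372cdc 11152f46 8603d17d 9220ccff 0ed576ac ab01504b c54d648c e4a539e0 "
        "0d00150c 1534697f")
RECEIVED = ("Jan 29 17:32:01 racoon: DEBUG: 788bffa7 67841072 065d3eec 5f3f8d86 08100501 "
            "52a1dd80 0000005c c82d2bac 432b123e c0506561 4f99a154 a2e57b7a ed8e6c64 "
            "ce228e9e ffb8a26e 25848201 31a6763e 386b1d90 8edafd1a 302df3f5 c06bf444 "
            "998713f5 d3ce873b")

if __name__ == "__main__":
    sent, recv = decode_log_line(SENT), decode_log_line(RECEIVED)
    for label, hdr in (("sent", sent), ("received", recv)):
        print(label, hdr)
    print("same Phase 1 SA:", same_phase1_sa(sent, recv))
```

The payload body after the header is encrypted (flag 0x01) and cannot be read from the log, but the header alone is enough to see that the only traffic in this excerpt is a DPD Informational exchange on an established Phase 1 SA; a Phase 2 (Quick Mode, exchange type 32) negotiation for the protected subnets would show up as a different exchange type and message ID.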
jimp Rebel Alliance Developer Netgate

        You can't use NAT and IPsec together unless you're on a recent 2.1 snapshot.


        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.