IPSec site-to-site WAN2, IPSec Mobile WAN1 = Mobile can't connect when other is

  • Not sure when this stopped working, as I only ever tried it once and didn't end up keeping it that way, but now I want to.

    Basically I have a site-to-site on WAN2 to a remote pfSense box.
    I want to set up WAN1 to also do IPsec, but hosting mobile clients; however, it seems that if the site-to-site is connected, the mobile clients are unable to connect. I just get the following in the logs:

    Apr 14 11:28:46 racoon: ERROR: phase1 negotiation failed due to time up.
    Apr 14 11:28:01 racoon: [Unknown Gateway/Dynamic]: NOTIFY: the packet is retransmitted by XX.XXX.XXX.XX[500] (1).  (Repeated 3 times)
    Apr 14 11:27:56 racoon: INFO: Adding xauth VID payload.

    Oddly enough, though, if I disable the site-to-site, connect with a mobile client, and then enable the site-to-site, both work until the mobile client tries to reconnect the next time, which results in the above again.

    The site-to-site is not using NAT Traversal, but the mobile one is, if that matters.

    Any thoughts? One would think multiple WANs could each host their own connection.

    WAN1 and WAN2 are on different ISPs with static IPs.

    If I change the mobile IPsec to use WAN2, so they are both on the same ISP/IP, both work fine.

    This is running the latest snapshot, by the way.
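An added example, not from the original thread or from pfSense/racoon itself: a small Python parser for racoon log lines of the kind quoted above. It undoes pfSense's "(Repeated N times)" collapsing, counts retransmissions per peer, notes whether the peer was talking on UDP 4500 (NAT-T) or UDP 500, and reports whether the phase 1 attempt ended in a timeout. The sample lines are constructed to match the post (the peer address is the post's placeholder), and reading "Repeated N times" as N occurrences is an assumption about the log viewer.

```python
import re
from collections import defaultdict

# Constructed sample, modelled on the racoon excerpt quoted in the post.
# pfSense's log viewer lists newest entries first and collapses identical
# consecutive lines into "(Repeated N times)". The peer address is the
# placeholder from the post, not a real host.
SAMPLE_LOG = """\
Apr 14 11:28:46 racoon: ERROR: phase1 negotiation failed due to time up.
Apr 14 11:28:01 racoon: [Unknown Gateway/Dynamic]: NOTIFY: the packet is retransmitted by XX.XXX.XXX.XX[500] (1).  (Repeated 3 times)
Apr 14 11:27:56 racoon: INFO: Adding xauth VID payload.
"""

TS = r"(?P<ts>[A-Z][a-z]{2}\s+\d{1,2}\s+\d{2}:\d{2}:\d{2})"
REPEAT_RE = re.compile(r"\s+\(Repeated (?P<n>\d+) times\)\s*$")
RETRANS_RE = re.compile(
    TS + r" racoon: (?:\[(?P<gw>[^\]]*)\]: )?NOTIFY: the packet is retransmitted by "
    r"(?P<peer>\S+?)\[(?P<port>\d+)\] \((?P<seq>\d+)\)\."
)
TIMEOUT_RE = re.compile(TS + r" racoon: ERROR: phase1 negotiation failed due to time up\.")
XAUTH_RE = re.compile(TS + r" racoon: INFO: Adding xauth VID payload\.")

IKE_NAT_T_PORT = 4500  # IKE arriving on UDP 4500 means NAT-T is in use; plain IKE is UDP 500


def expand_repeats(lines):
    """Yield (line, count). A '(Repeated N times)' suffix is taken to mean the
    line occurred N times (assumption about how the pfSense viewer collapses)."""
    for line in lines:
        m = REPEAT_RE.search(line)
        if m:
            yield line[: m.start()], int(m.group("n"))
        else:
            yield line, 1


def analyze(log_text, newest_first=True):
    """Summarise one phase-1 attempt window from racoon log lines."""
    lines = [l for l in log_text.splitlines() if l.strip()]
    if newest_first:
        lines.reverse()  # work in chronological order
    retransmits = defaultdict(lambda: {"port": None, "count": 0, "nat_t": False})
    events = []
    timeouts = 0
    xauth = False
    for line, count in expand_repeats(lines):
        if (m := RETRANS_RE.match(line)):
            entry = retransmits[m["peer"]]
            entry["port"] = int(m["port"])
            entry["nat_t"] = entry["port"] == IKE_NAT_T_PORT
            entry["count"] += count
            events.append(("retransmit", m["ts"], m["peer"]))
        elif (m := TIMEOUT_RE.match(line)):
            timeouts += count
            events.append(("phase1_timeout", m["ts"], None))
        elif (m := XAUTH_RE.match(line)):
            xauth = True
            events.append(("xauth_vid", m["ts"], None))
    return {
        "phase1_timeouts": timeouts,
        "retransmits": dict(retransmits),
        "xauth_offered": xauth,
        "events": events,
    }


def diagnose(summary):
    """One-line reading of the summary for a responder-side racoon."""
    if summary["phase1_timeouts"] == 0:
        return "no phase1 timeout in this window"
    if not summary["retransmits"]:
        return "phase1 timed out without any peer retransmissions being logged"
    peer, info = max(summary["retransmits"].items(), key=lambda kv: kv[1]["count"])
    transport = "UDP 4500 (NAT-T)" if info["nat_t"] else "UDP 500"
    return (
        f"phase1 stalled: {peer} resent its IKE packet {info['count']}x on {transport} "
        f"and the exchange never completed before racoon timed out; the peer's packets "
        f"reached racoon, so check that the reply goes back out the interface the peer "
        f"targeted (tcpdump both WANs for udp port {info['port']})"
    )


if __name__ == "__main__":
    s = analyze(SAMPLE_LOG)
    for ev in s["events"]:
        print(ev)
    print(diagnose(s))
```

The useful signal in this excerpt is the "retransmitted by" line: racoon only logs it for a packet it received, so the mobile client's proposal is arriving at the box and the failure is on the way back out. With two WANs that is the first thing to verify, by capturing UDP 500/4500 on both WAN interfaces while a client connects and seeing which one carries racoon's reply.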

  • Anyone else able to test this?

    I know it used to work, and it seems odd that the reverse works, but I'm just wondering.

