Example: pfSense and Openswan (mobile pfSense, gateway-to-gateway)
Hi all,
In preparing my undergrad network security course, I set up a couple of pfSense boxes to talk to a couple of Ubuntu boxes. Each of my students was set up to have a /24 to work on for their projects. In doing the background searches for how to do this, I saw that a number of other people were not able to figure it out. It took me a while to do so myself, and it seems the default algorithms used by pfSense and Openswan are not in alignment, so I specified them explicitly to get it to work. Since this was a little painful, I thought I'd provide my configurations in case they would help other users. The configuration files and details are available at http://web.cs.wpi.edu/~cshue/resources.html.
The configuration has the Ubuntu Openswan boxes on static IPs whereas the pfSense boxes are on dynamic IPs. Both the Openswan and pfSense boxes have subnets (gateway-to-gateway), so this might be a decent example of that configuration as well. It is also an example of several phase 2 IPsec configurations using the same phase 1 on both boxes.
I hope this helps,
– Craig
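
The layout described in the post, sketched as an Openswan `ipsec.conf` for the static-IP Ubuntu side. This is an added example, not Craig's configuration files (those are at the link above). The addresses, the peer ID, the connection names and the algorithm choice (AES-256, SHA1, DH group 14) are all assumptions made for illustration.

```conf
# /etc/ipsec.conf on the Ubuntu Openswan gateway (static IP).
# All addresses are documentation/example ranges, constructed for this sketch.
version 2.0

config setup
    protostack=netkey

# Shared template: no auto= line, so it is never loaded on its own.
# Every conn that pulls it in with also= has identical phase 1
# parameters and therefore rides on the same ISAKMP SA.
conn pfsense-base
    type=tunnel
    authby=secret
    keyexchange=ike
    left=192.0.2.10                 # this gateway's static address (assumed)
    leftid=192.0.2.10
    right=%any                      # pfSense peer has a dynamic address
    rightid=@pfsense.example.test   # peer identifier (assumed)
    # Pin the proposals instead of relying on each side's defaults.
    # The pfSense phase 1 and phase 2 entries must be set to the same
    # values, or negotiation fails with "no proposal chosen".
    ike=aes256-sha1;modp2048
    phase2=esp
    phase2alg=aes256-sha1;modp2048
    pfs=yes

# Two phase 2 tunnels between the same pair of gateways.
conn pfsense-net-a
    also=pfsense-base
    leftsubnet=10.10.1.0/24         # subnet behind Openswan (assumed)
    rightsubnet=10.20.1.0/24        # subnet behind pfSense (assumed)
    auto=add                        # wait for the dynamic peer to initiate

conn pfsense-net-b
    also=pfsense-base
    leftsubnet=10.10.2.0/24
    rightsubnet=10.20.1.0/24
    auto=add

# Matching /etc/ipsec.secrets entry; with right=%any and main mode the
# secret is selected before the peer ID is known, so it is keyed on %any:
#   192.0.2.10 %any : PSK "<pre-shared key>"
```

Because the `%any` secret matches every remote address, one pre-shared key ends up covering every dynamic peer of this gateway, so it should be long and random. `ipsec auto --status` on the Openswan side lists the loaded connections and the algorithms actually negotiated.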