PfSense on a KVM virtual machine for IPSec



  • Hello everyone,

    I have to set up an IPSec VPN for a VM in a KVM environment.

    I set up a new VM with pfSense 2.0.3 with the following configuration:
    WAN: directly mapped to public IP (for installing, I needed to manually add the default gateway route from the shell to reach pfSense from the external IP; after the wizard, the gw is correctly saved and I can reach the web configuration from the internet)
    LAN: mapped to a routed internal network (192.168.121.0) created from KVM (no dhcp server from KVM)

    The first problem is that when I set up the DHCP server for the LAN in pfSense, if I use the pfSense IP (192.168.121.2) as the gateway, other clients cannot reach the internet. If I use 192.168.121.1 (KVM host), the other clients in the network can reach the internet, but I don't think this is the correct configuration because the traffic needs to pass through the firewall. Does pfSense need some configuration to act as a gateway?

    Trying to get the VPN working with the DHCP server configured to give 192.168.121.1 as gateway is not working.
    I am not sure if the gw is the problem; anyway, this is the error in the log (after correctly setting up phase 1):

    May 21 16:41:08 racoon: ERROR: <firewall external ip> give up to get IPsec-SA due to time up to wait.
    May 21 16:40:38 racoon: [Fastweb lattanzio]: INFO: IPsec-SA established: ESP <firewall external ip>[500]-><my external ip>[500] spi=2598844918(0x9ae739f6)
    May 21 16:40:38 racoon: ERROR: pfkey UPDATE failed: Invalid argument

    Thanks for any help

