IPSEC using VIP Alias (PPPoE) - PFSense 2.1


  • HI Guys,

    Using PFSense 2.1. I'm having trouble getting IPSEC to work using a virtual IP Alias given by our ISP.

    I currently have an IPSEC link working using the standard WAN (PPPoE)

    I also know that the VIP Alias can work because if I set up a 1:1 nat mapping to another ip on my network it works correctly.

    When configuring the IPSEC link in the GUI i am selecting the VIP as the interface - all other settings are equivalent and working on the standard WAN interface.

    When I attempt to start the IPSEC connection it gives me the following errors:

    racoon: ERROR: phase1 negotiation failed due to send error

    and then tells me there is no phase1 connection etc

    Has anyone got an VIP Alias to work with IPSEC?

    I think its the same as this unresolved post
    https://forum.pfsense.org/index.php?topic=36662.0
    And this mailing list guy eventually gave up
    http://lists.pfsense.org/pipermail/list/2012-July/002677.html


  • The only way I got it to work was to:

    1. Set up one pfSense gateway to connect to the internet via pppoe
    2. set up another pfSense as an IPSEC initiator and set up the IPSEC connection.
    3. Box (1) is my default gateway to the internet
    4. I route all traffic from (2) to (1) so that IPSEC box can route outwards to establish the IPSEC connection
    5. I set up a customer route from (1) to (2) for any traffic going to the remote site.

    PM me if you want more details.