Config Conversion - half right (half not yet right…)
So I'm working to replace an old Debian firewall with a pfSense box, and most of it is going okay.
The big holdup is converting the existing Openswan IPsec config. This box has two tunnels, and I've managed to translate one tunnel but not the other.
WORKING TUNNEL
Here's the Linux config:
conn pork-beer
    authby=secret
    left=XXX.27.218.143
    leftsubnet=10.0.0.0/23
    leftnexthop=XXX.37.70.1
    leftsourceip=10.0.0.1
    right=XXX.143.230.55
    rightsubnet=192.168.1.0/24
    rightnexthop=%defaultroute
    rightsourceip=192.168.1.1
    auto=start
    compress=no
    dpddelay=30
    dpdtimeout=120
    esp=3des-sha1-96
    pfs=yes
    ikelifetime=24h
    rekey=yes
And the matching pfSense config is:
That all works fine. My problem is the next bit:
NOT-WORKING TUNNEL
conn pork-to-cellco
    type=tunnel
    esp=3des-md5
    ike=3des-md5
    keyexchange=ike
    pfs=yes
    authby=secret
    left=XXX.27.218.143
    leftsubnet=10.0.0.0/25
    leftnexthop=%defaultroute
    right=XXX.6.200.4
    rightsubnet=10.15.0.0/20
    rightnexthop=%defaultroute
    auto=start
My attempt at a pfSense config:
So short of guessing over and over, what have I got wrong?