pfSense IPsec/L2TP passthrough


    Hello,

    I am not happy to say I cannot make IPsec passthrough work via the pfSense fw from a client inside to my work's Cisco VPN concentrator. They use the Crisco VPN client, which worked flawlessly before I swapped my FreeBSD 9.2 fw box out for pfSense. It doesn't seem to matter if you allow all ESP/AH on any/all network interfaces or floating rules. I'm at a loss; if I can't figure this out, I'm just going to go back to the old-fashioned way. Could I scrap pfSense's built-in fw crap and import my pf rules from the old system instead?

    I can only limit this not working to two things:

    1. pfSense's automatic or advanced NAT/pf rules are the real cause. Can one import a pf.rules from an old system that worked instead of using the pfSense GUI to do so? How would you?

    2. Are we certain the kernel was built with ALL IPSEC options?

    9.1-RELEASE does not include the full list below in the stock config:

    options IPSEC
    options IPSEC_NAT_T
    options IPSEC_FILTERTUNNEL
    device enc
    device crypto

    I think 8.x has the same, from what memory recalls.

    Anyone know this info? Would be very cool if you do.
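The following is an added example, not part of the post above or of pfSense: a small POSIX shell check that takes a FreeBSD kernel config file and reports which of the IPsec options and devices listed in the post are missing, and a second check that scans a pf.conf for the rules IPsec passthrough depends on (UDP/500 for IKE, UDP/4500 for NAT-T, ESP and AH). The sample config and ruleset it builds are constructed for illustration; the function names and the pf rule patterns it looks for are this example's own choices, not anything pfSense ships.

```shell
#!/bin/sh
# Added example (not from the forum post or pfSense): verify that a FreeBSD
# kernel config carries the IPsec options the post lists, and that a pf
# ruleset passes the traffic an IPsec client needs to reach its concentrator.

# Options and devices from the post; IPSEC_NAT_T matters most when the
# client sits behind NAT, because IKE then switches to UDP/4500.
REQUIRED_IPSEC_OPTS="IPSEC IPSEC_NAT_T IPSEC_FILTERTUNNEL"
REQUIRED_IPSEC_DEVS="enc crypto"

# missing_ipsec_options <kernel-config>
# Prints a space-separated list such as "options:IPSEC_NAT_T device:enc";
# prints an empty line when every required entry is present.
missing_ipsec_options() {
    _cfg="$1"
    _missing=""
    for _opt in $REQUIRED_IPSEC_OPTS; do
        grep -Eq "^[[:space:]]*options[[:space:]]+${_opt}([[:space:]]|$)" "$_cfg" \
            || _missing="$_missing options:$_opt"
    done
    for _dev in $REQUIRED_IPSEC_DEVS; do
        grep -Eq "^[[:space:]]*device[[:space:]]+${_dev}([[:space:]]|$)" "$_cfg" \
            || _missing="$_missing device:$_dev"
    done
    printf '%s\n' "${_missing# }"
}

# missing_passthrough_rules <pf.conf>
# Looks for uncommented "pass" rules covering each protocol/port that the
# VPN client needs; prints the missing ones as "udp/500 udp/4500 esp ah".
missing_passthrough_rules() {
    _pf="$1"
    _rules=$(grep -E '^[[:space:]]*pass' "$_pf" | grep -v '^[[:space:]]*#')
    _missing=""
    # A port number is matched only as a whole token, so 4500 does not satisfy 500.
    printf '%s\n' "$_rules" | grep -E 'proto[[:space:]]+udp' \
        | grep -Eq '(^|[^0-9])500([^0-9]|$)' || _missing="$_missing udp/500"
    printf '%s\n' "$_rules" | grep -E 'proto[[:space:]]+udp' \
        | grep -Eq '(^|[^0-9])4500([^0-9]|$)' || _missing="$_missing udp/4500"
    printf '%s\n' "$_rules" | grep -Eq 'proto[[:space:]]+(esp|\{[^}]*esp)' \
        || _missing="$_missing esp"
    printf '%s\n' "$_rules" | grep -Eq 'proto[[:space:]]+(ah|\{[^}]*ah)' \
        || _missing="$_missing ah"
    printf '%s\n' "${_missing# }"
}

# Constructed sample input: a config missing NAT-T, and a ruleset that
# forgot UDP/4500 and AH. Both are illustrative, not a real system's files.
SAMPLE_KCONF=$(mktemp)
SAMPLE_PFCONF=$(mktemp)
cat > "$SAMPLE_KCONF" <<'EOF'
options IPSEC
options IPSEC_FILTERTUNNEL
device enc
device crypto
EOF
cat > "$SAMPLE_PFCONF" <<'EOF'
# constructed ruleset
pass out quick on em0 proto udp from any to any port 500
pass out quick on em0 proto esp from any to any
EOF

echo "kernel config missing: $(missing_ipsec_options "$SAMPLE_KCONF")"
echo "pf ruleset missing:    $(missing_passthrough_rules "$SAMPLE_PFCONF")"
rm -f "$SAMPLE_KCONF" "$SAMPLE_PFCONF"
```

On a real box, point `missing_ipsec_options` at the kernel config that was actually built (under `/usr/src/sys/<arch>/conf/`, or the `config` file installed beside the kernel when the build kept it) and `missing_passthrough_rules` at the generated ruleset; an empty result from both narrows the problem to NAT or state handling rather than to the kernel or the pass rules.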