PFsense IPSEC/L2TP passthrough
Hello,
I am not happy to say I cannot make IPsec passthrough work via a pfSense fw from a client inside to my work's Cisco VPN concentrator. They use the Crisco VPN client, which worked flawlessly before I swapped my FreeBSD 9.2 fw box out to pfSense. It doesn't seem to matter if you allow all esp/ah on any/all network interfaces or floating rules. I'm at a loss; if I can't figure this out, I'm just going to go back to the old-fashioned way. Could I scrap pfSense's built-in fw crap and import my pf rules instead from the old system?
I can only limit this not working to two things:
- pfSense's automatic or advanced NAT/pf rules are the real cause. Can one import a pf.rules from an old system that worked instead of using the pfSense GUI to do so? How would you?
- Are we certain the kernel was built with ALL IPSEC options?
9.1-release does not include the full list below in stock config:
options IPSEC
options IPSEC_NAT_T
options IPSEC_FILTERTUNNEL
device enc
device crypto
I think 8.x has the same, from what memory recalls.
Anyone know this info? Would be very cool if you do.