Netgate Discussion Forum

    PFsense IPSEC/L2TP passthrough

      fyoory

      Hello,

      I am not happy to say I cannot make IPsec passthrough work via the pfSense fw from a client inside to my work's Cisco VPN concentrator. They use the Cisco VPN client, which worked flawlessly before I swapped my FreeBSD 9.2 fw box out for pfSense. It doesn't seem to matter if you allow all ESP/AH on any/all network interfaces or floating rules. I'm at a loss; if I can't figure this out, I'm just going to go back to the old-fashioned way. Could I scrap pfSense's built-in fw crap and import my pf rules from the old system instead?

      I can only limit this not working to two things:

      1. pfSense's automatic or advanced NAT/pf rules are the real cause. Can one import a pf.rules from an old system that worked instead of using the pfSense GUI to do so? How would you?

      2. Are we certain the kernel was built with ALL IPSEC options?

      9.1-release does not include the full list below in stock config:

      options IPSEC
      options IPSEC_NAT_T
      options IPSEC_FILTERTUNNEL
      device enc
      device crypto

      I think 8.x has the same, from what memory recalls.

      Anyone know this info? Would be very cool if you do.
