Netgate Discussion Forum

    pfSense as client for Cisco IPsec VPN server

    • alexrotaru

      Hi all,

      I've been trying to configure my pfSense gateway (i386 latest version) to connect to an IPsec VPN network, but without any luck. I read several tutorials, including https://doc.pfsense.org/index.php/IPsec_between_pfSense_and_Cisco_IOS, https://doc.pfsense.org/index.php/VPN_Capability_IPsec, https://doc.pfsense.org/index.php/IPsec_between_pfSense_and_a_Cisco_PIX, but still no luck…

      The connection details that I have are: group name, pre-shared key, username and password. I was not able to find any way to specify the group name, username or password. (I went through both phase 1 and phase 2.)

      I start to think that what I need to do is not possible, at least not with the information that I currently have…

      Looking forward to any ideas that could help me solve this issue!

      Thanks a lot!
      Alex

      • Derelict LAYER 8 Netgate

        The requirement for the username and password after connecting is xauth. Note that both of the Cisco configs in the examples you cite have "no-xauth" on the tunnels, so username and password are not required.

        It doesn't look to me like the pfSense IPsec client can do xauth. That is typically not used for site-to-site. Sure you don't just want to run the Cisco IPsec client on a workstation behind pfSense?

        Chattanooga, Tennessee, USA
        A comprehensive network diagram is worth 10,000 words and 15 conference calls.
        DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
        Do Not Chat For Help! NO_WAN_EGRESS(TM)

        • alexrotaru

          Derelict, thank you for replying to my post!

          The reason I want to have pfSense connect to the VPN server is that I want to be able to connect my mobile devices to my WiFi network and have access to the remote site through the VPN tunnel.

          As a workaround, I can use a Mac to connect to the VPN and create a hotspot (I think it is more reliable on a Mac than on Windows), but I consider this option as the last option.

          Another solution is to buy another access point that offers Cisco IPsec with authentication, but my searches on the internet have not been very productive. If any of you know of an example, please let me know. (I have a Tomato AP, but that doesn't support IPsec out of the box.)

          Thanks,
          Alex

          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.