IPsec IKEv1 Configuration - with Mutual RSA + Xauth & Route all traffic



  • Let me share the IPsec IKEv1 configuration pfSense settings that I am using. It uses Mutual RSA + Xauth and routes - ALL - traffic via IPsec.

    https://drive.google.com/file/d/0B5vAD_Xq4PXzUlA5T1dZTHZsbWc/view?usp=sharing



  • Is this version 2.2 of pfSense? I have been able to do this in version 2.1.5 but not in 2.2. I had to revert back to 2.1.5 for the reason that the iOS devices were not sending ALL traffic over VPN. Can you confirm if this is over 2.2?

    SAM


  • Rebel Alliance Developer Netgate

    @sammybernard:

    Is this version 2.2 of pfSense? I have been able to do this in version 2.1.5 but not in 2.2. I had to revert back to 2.1.5 for the reason that the iOS devices were not sending ALL traffic over VPN. Can you confirm if this is over 2.2?

    Please start a separate thread for a new issue. And be sure to read the release notes on the blog post; that specific issue (Mobile IPsec for Internet traffic) was covered in the release notes.



  • I did not find any mention about it in the Release Note / Change logs but I eventually found a mention about it in this blog post https://blog.pfsense.org/?p=1546. Based on the reading, I think my configuration falls into the category of "incorrect configuration that worked before no longer will". So if anyone else is having a similar issue, the above might be a blog post that might answer your question. I personally have not tried it with the 0.0.0.0/0 setting since I already reverted back to 2.1.5 and will wait for the 2.2.1 version before updating, but I'm guessing if that is the 'correct way to do it in 2.2' then it should work. The new NAT settings were the other place we were seeing some unexpected behavior, so that's also another reason for us to revert back. I would not want people to think we are not upgrading because of this sole IPsec issue.

    SAM


  • Rebel Alliance Developer Netgate

    The blog posts are the official announcements and included a note about that issue.

    It was not listed in the upgrade guide, so I corrected that:
    https://doc.pfsense.org/index.php/Upgrade_Guide#IPsec_Changes

