Multiple IPSec Passthrough?

  • Should I be able to do two IPSec passthrough connections, from two different hosts in the private network to two different servers using Beta2?

    Does anyone know of specific issues with SonicWall GlobalVPN client software and pfSense?

  • I would assume yes but have not tested that yet. Does a single connection from a single client to a server work for you?

  • Edit:  Gaaahhh!  Removing the 1300 MTU allows it to work.  Of course, this being a Windows system, I had to reboot for it to take effect.  I'll bring up the other system later this evening and try both.  I'd like to know what set my MTU to 1300.  Probably Symantec or Contivity clients.  Or maybe Checkpoint.  They are my least favorite.  Cisco's is okay, Sonicwall isn't too bad except for adding the DNE driver.

    _Edit 2: Okay, it works with two, even to the same server.  Neither one would work this morning for some reason.  The other Windows system did not have an MTU set like the first, so I'm not sure that was related, but I don't know why swapping firewalls should require a reboot – then again, it IS Windows.... ;)_

    _Either tomorrow or Friday I'll try with Sonicwall on one system and Contivity on the other, using different servers (of course)._


    Turns out not even one passthrough works.  Other than the interface addresses, I have pretty much a default pfSense config.  Only the default rules are there.

    I'm using Sonicwall GVPN 3.10 and I just moved the connections from a Linksys running OpenWRT where it worked fine and get "Peer not responding to phase 1" in the Sonicwall log.

    It worked yesterday on m0n0wall.

    I checked and my PC has MTU of 1300 -- I don't know why, but that means it sends out two packets each time, one as ISAKMP, one as just IP.  I don't know why it's 1300.  I often have various IPSec clients installed, some poorly behaved.  Perhaps one of them set it thusly.  In any case it was working 30 mins ago like that on the Linksys.

    I'll change my MTU to see if that makes a difference.

  • I'm happy to report that two IPSec passthrough connections work just fine from two different hosts into two different servers.

    One is Sonicwall GVPN client to my employer's Sonicwall server.  The other is Contivity client to a customer's server.

    In fact I should be able to test a third simultaneous connection tonight.  It'll also be Contivity, but into a third server.  I have other client software, but don't think I have any other currently active accounts to test with.

    I'm tickled – this was always somewhat problematic with previous firewall/NAT devices.