IPSec + OpenVPN client
-
Maybe I'm doing something wrong. I can use IPSec and can connect to pfsense from outside. If I enable one OpenVPN client in pfsense, IPSec doesn't connect anymore. Can't both be used at the same time?
PFsense 2.2.2 with 4GB
Intel Nics

Jun 1 21:35:25 charon: 16[JOB] <4> deleting half open IKE_SA after timeout
Jun 1 21:35:08 charon: 11[JOB] <3> deleting half open IKE_SA after timeout
Jun 1 21:35:07 charon: 03[IKE] <4> looking for a route to xx.xx.xx.xx ...
Jun 1 21:35:07 charon: 03[IKE] <4> looking for a route to xx.xx.xx.xx ...
Jun 1 21:35:07 charon: 03[IKE] <4> old path is not available anymore, try to find another
Jun 1 21:35:07 charon: 03[IKE] <4> old path is not available anymore, try to find another
Jun 1 21:35:07 charon: 03[IKE] <3> looking for a route to xx.xx.xx.xx ...
Jun 1 21:35:07 charon: 03[IKE] <3> looking for a route to xx.xx.xx.xx ...
Jun 1 21:35:07 charon: 03[IKE] <3> old path is not available anymore, try to find another
Jun 1 21:35:07 charon: 03[IKE] <3> old path is not available anymore, try to find another
Jun 1 21:35:07 charon: 13[KNL] interface ovpnc1 activated
Jun 1 21:35:05 charon: 13[NET] <4> sending packet: from xx.xx.xx.xx[500] to xx.xx.xx.xx[500] (180 bytes)
Jun 1 21:35:05 charon: 13[IKE] <4> received retransmit of request with ID 0, retransmitting response
Jun 1 21:35:05 charon: 13[IKE] <4> received retransmit of request with ID 0, retransmitting response
Jun 1 21:35:05 charon: 13[NET] <4> received packet: from xx.xx.xx.xx[500] to xx.xx.xx.xx[500] (668 bytes)
Jun 1 21:35:01 charon: 12[NET] <4> sending packet: from xx.xx.xx.xx[500] to xx.xx.xx.xx[500] (180 bytes)
Jun 1 21:35:01 charon: 12[IKE] <4> received retransmit of request with ID 0, retransmitting response
Jun 1 21:35:01 charon: 12[IKE] <4> received retransmit of request with ID 0, retransmitting response
Jun 1 21:35:01 charon: 12[NET] <4> received packet: from xx.xx.xx.xx[500] to xx.xx.xx.xx[500] (668 bytes)
Jun 1 21:34:58 charon: 12[NET] <4> sending packet: from xx.xx.xx.xx[500] to xx.xx.xx.xx[500] (180 bytes)
Jun 1 21:34:58 charon: 12[IKE] <4> received retransmit of request with ID 0, retransmitting response
Jun 1 21:34:58 charon: 12[IKE] <4> received retransmit of request with ID 0, retransmitting response
Jun 1 21:34:58 charon: 12[NET] <4> received packet: from xx.xx.xx.xx[500] to xx.xx.xx.xx[500] (668 bytes)
Jun 1 21:34:55 charon: 12[NET] <4> sending packet: from xx.xx.xx.xx[500] to xx.xx.xx.xx[500] (180 bytes)
Jun 1 21:34:55 charon: 12[ENC] <4> generating ID_PROT response 0 [ SA V V V V V ]
Jun 1 21:34:55 charon: 12[IKE] <4> xx.xx.xx.xx is initiating a Main Mode IKE_SA
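
The sequence visible in the log above, checked programmatically (an added example, not part of the original post): it parses charon lines in the posted newest-first format and reports which IKE_SAs logged a lost path right after an interface activation and then timed out half open. The sample lines are constructed from the post's format; `ASSUMED_YEAR` and the 10-second window are assumptions.

```python
import re
from datetime import datetime

ASSUMED_YEAR = "2000"  # assumption: syslog timestamps carry no year

# Constructed sample in the post's format (newest first, addresses masked).
SAMPLE = """\
Jun 1 21:35:25 charon: 16[JOB] <4> deleting half open IKE_SA after timeout
Jun 1 21:35:08 charon: 11[JOB] <3> deleting half open IKE_SA after timeout
Jun 1 21:35:07 charon: 03[IKE] <4> old path is not available anymore, try to find another
Jun 1 21:35:07 charon: 03[IKE] <3> old path is not available anymore, try to find another
Jun 1 21:35:07 charon: 13[KNL] interface ovpnc1 activated
Jun 1 21:35:05 charon: 13[IKE] <4> received retransmit of request with ID 0, retransmitting response
Jun 1 21:34:55 charon: 12[IKE] <4> xx.xx.xx.xx is initiating a Main Mode IKE_SA
"""

LINE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s+[\d:]{8}) charon: \d+\[(?P<sub>\w+)\] "
    r"(?:<(?P<sa>[^>]+)> )?(?P<msg>.*)$")

def parse(text):
    """Parse a newest-first log into (time, subsystem, sa, msg), oldest first."""
    events = []
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if m:
            ts = datetime.strptime(f"{ASSUMED_YEAR} {m['ts']}", "%Y %b %d %H:%M:%S")
            events.append((ts, m["sub"], m["sa"], m["msg"]))
    # Reverse first so lines sharing a second keep their real order (stable sort).
    return sorted(reversed(events), key=lambda e: e[0])

def correlate(events, window=10):
    """For each interface activation, list IKE_SAs that lost their path within
    `window` seconds and those of them later deleted while still half open."""
    findings = []
    for i, (ts, sub, _, msg) in enumerate(events):
        m = re.match(r"interface (\S+) activated", msg) if sub == "KNL" else None
        if not m:
            continue
        later = events[i + 1:]
        lost = {sa for t, _, sa, mg in later
                if sa and "old path is not available" in mg
                and (t - ts).total_seconds() <= window}
        timed_out = {sa for _, _, sa, mg in later
                     if sa in lost and "deleting half open IKE_SA" in mg}
        findings.append({"iface": m[1], "lost_path": sorted(lost),
                         "timed_out": sorted(timed_out)})
    return findings

if __name__ == "__main__":
    print(correlate(parse(SAMPLE)))
```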
-
Can't both be used at the same time?
No. https://doc.pfsense.org/index.php/OpenVPN_Site_To_Site
Any IPSec tunnel that references the same pair of subnets configured for use in OpenVPN must be disabled. IPSec and OpenVPN do not conflict otherwise.
-
damn… thanks. ;)
-
Well… I've been trying to find a way for this configuration:
- 1 ipsec server
- 1 openvpn client
Only solution I see is to use openvpn only, right?