Navigation

    Netgate Discussion Forum
    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search

    PfSense IPSec Connection to D-LINK DFL-1100 ?

    IPsec
    2
    8
    6424
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • S
      siri69 last edited by

      Hi,

      are there special settings to get this running ?
      I try to attach a few screenshots but seems to big.

      1 Reply Last reply Reply Quote 0
      • H
        hoba last edited by

        I don't know the GUI of the dlink device but I have experienced different vendors using other terms for the various options. Try to get the screenshots online somehow (gif should be fine) and I'll try to guess the corrosponding settings  ::)

        1 Reply Last reply Reply Quote 0
        • S
          siri69 last edited by

          OK just test some other settings,
          now I think I get a VPN tunnel, but no ping is possibel from the pfsense router to the remote roter and back.
          Think something wrong with the Firewall Settings ?
          How must i configure them ? I dont want to route Local traffic to the WAN interface.

          Company LAN is 172.16.180.0/24
          pfSense LAN is 192.168.1.0/24












          1 Reply Last reply Reply Quote 0
          • S
            siri69 last edited by

            and here the DFL-1100 VPN Config






            1 Reply Last reply Reply Quote 0
            • H
              hoba last edited by

              You are using a dyndns IP as destination at the dlink. Tunnels between dynamic IPs are not suported but there is an option to get it going (maybe, you have to try).
              First of all, you have to use aggressive mode. main mode is only for static IPs at both ends.

              At the pfSense end delete the tunnel definition. Then move to the tab "mobile IPSEC". Add your tunneldefinitions there and use the dyndns domain as identifier. Then save. Move to the "preshared keys" tab and add an identifier like "remote.site" and a "secret1234" there.
              Apply all your settings. IPSEC still has to be enabled at the pfsense side though there are no static tunnels now anymore.

              Then go to the dlink and use the dyndns domain name as endpoint along with mode agressive and the identifier and preshared key you entered at the pfsense end.

              save all settings.

              This MIGHT work (I have a similiar setup running with an IPSEC client as roadwarrior but it should/could work with a site-to-site connection too).  ::)

              1 Reply Last reply Reply Quote 0
              • S
                siri69 last edited by

                Ok will try,
                but the DFL-1100 has a static IP (and also static dns) (company)
                so the pfSense should be the "mobil" client,  or ?

                1th Changed to aggressive mode,
                but no ping between the networks..



                1 Reply Last reply Reply Quote 0
                • H
                  hoba last edited by

                  In that way the pfsense has the static tunnel definition. Check out this tutorial for some thoughts how the pfSense at the dynamic end has to be set up: http://pfsense.com/mirror.php?section=tutorials/mobile_ipsec/

                  1 Reply Last reply Reply Quote 0
                  • S
                    siri69 last edited by

                    ok thanks,
                    will work now also with static tunnel.
                    I have changed my lan IPs so routing is easyer..

                    1 Reply Last reply Reply Quote 0
                    • First post
                      Last post