Netgate Discussion Forum

    V2.2.3 - IKEv1 phase 2 works when IKEv2 phase 2 does not

      maglaubig

      I have 2 remote sites with identical HP routers connecting to a pfSense 2.2.3 with one minor configuration difference.  Site A has a single WAN IP with outbound NAT all to a single IP from multiple internal networks.  Site B has multiple WAN IPs with outbound NAT differing depending upon the source network (a guest network).

      For Site A to pfSense, IKEv2 works just fine. I was so impressed with IKEv2 that I was attempting to switch Site B over as well. Phase 1 comes up, but Phase 2 never makes it. I got the idea to try IKEv1 from this really old post. I'm not sure if this is the root cause of the problem, and it's not all that clear to me why switching to IKEv1 worked (in the case of the post or my own config):

      https://wiki.strongswan.org/issues/170

      I thought this might be related to another post, but I think from the logs posted IKEv1 was being used:

      https://forum.pfsense.org/index.php?topic=96750.0

      I'd really like to have this working on IKEv2, but I'll take IKEv1 for the time being.

      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.