4. V2.2.3 - IKEv1 phase 2 works when IKEv2 phase 2 does not

V2.2.3 - IKEv1 phase 2 works when IKEv2 phase 2 does not

  • M

    I have 2 remote sites with identical HP routers connecting to a pfSense 2.2.3 with one minor configuration difference.  Site A has a single WAN IP with outbound NAT all to a single IP from multiple internal networks.  Site B has multiple WAN IPs with outbound NAT differing depending upon the source network (a guest network).

    For Site A to pfSense, IKEv2 works just fine.  I was so impressed with IKEv2 I was attempting to switch Site B over as well.  Phase 1 comes up, but Phase 2 never makes it.  I got the idea to try IKEv1 from this really old post, not sure if this is the root cause of the problem and it's not all that clear to me why switching to IKEv1 worked (in the case of the post or my own config):

    https://wiki.strongswan.org/issues/170

    I thought this might be related to another post, but I think from the logs posted IKEv1 was being used:

    https://forum.pfsense.org/index.php?topic=96750.0

    I'd really like to have this working on IKEv2, but I'll take IKEv1 for the time being.

    0
Log in to reply
 

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2002 - 2019 Rubicon Communications, LLC | Privacy Policy