DHCP for IPSEC Clients

morgan14 · May 5, 2008, 9:58 AM

Hi, i have a tiny problem with my cisco vpn client.

When I try to connect to my pfsense box, no ip address are given to my client.

When i see my logs i have something like that :

So maybe if i make a rule to have dhcp on ipsec it will work.

How can I do that ?

hoba · May 5, 2008, 7:52 PM

You don't do DHCP for IPSEC-Clients. The client has to specify the local subnet for mobile clients. You probably think the "unknown gateway/dynamic" is a bug but it just tells you that the endpoint that this log message is about is a mobile client and not a statically configured tunnel.

Your mainproblem is that you don't have proper authentication settings and from what it looks like don't have an appropriate remote subnet set in the client either.

morgan14 · May 6, 2008, 8:10 AM

my remote subnet ?

Can you advice me about my setting :

10.56.146.0/23 –--- internet ---modem with PfSenseon DMZ 128.162.49.0/24 ----- LAN : 192.168.1.0/24

So my remote subnet it the first : 10.56.146.0/23 ?

hoba · May 6, 2008, 7:29 PM

Your Cisco client needs to specify a local subnet for his end of the tunnel (from the pfSense point of view this is the remote subnet behind the tunnel). As this is a single client ist should be a /32. I don't know the cisco client so I can't tell you how to set it up.