DHCP for IPSEC Clients



  • Hi, I have a tiny problem with my Cisco VPN client.

    When I try to connect to my pfSense box, no IP address is given to my client.

    When I look at my logs I have something like this:

    So maybe if I make a rule to have DHCP on IPsec it will work.

    How can I do that?



  • You don't do DHCP for IPSEC-Clients. The client has to specify the local subnet for mobile clients. You probably think the "unknown gateway/dynamic" is a bug but it just tells you that the endpoint that this log message is about is a mobile client and not a statically configured tunnel.

    Your main problem is that you don't have proper authentication settings and, from what it looks like, don't have an appropriate remote subnet set in the client either.



  • My remote subnet?

    Can you advise me about my settings:

    10.56.146.0/23 ----- internet --- modem with pfSense on DMZ 128.162.49.0/24 ----- LAN : 192.168.1.0/24

    So my remote subnet is the first: 10.56.146.0/23?



  • Your Cisco client needs to specify a local subnet for its end of the tunnel (from the pfSense point of view this is the remote subnet behind the tunnel). As this is a single client it should be a /32. I don't know the Cisco client so I can't tell you how to set it up.

