DHCP for IPSEC Clients

  • Hi, I have a tiny problem with my Cisco VPN client.

    When I try to connect to my pfSense box, no IP address is given to my client.

    When I look at my logs, I have something like this:

    So maybe if I make a rule to have DHCP on IPsec, it will work.

    How can I do that?

  • You don't do DHCP for IPSEC-Clients. The client has to specify the local subnet for mobile clients. You probably think the "unknown gateway/dynamic" is a bug but it just tells you that the endpoint that this log message is about is a mobile client and not a statically configured tunnel.

    Your main problem is that you don't have proper authentication settings and, from what it looks like, don't have an appropriate remote subnet set in the client either.

  • My remote subnet?

    Can you advise me about my setting: ---- internet --- modem with pfSense on DMZ ----- LAN :

    So my remote subnet is the first: ?

  • Your Cisco client needs to specify a local subnet for its end of the tunnel (from the pfSense point of view this is the remote subnet behind the tunnel). As this is a single client, it should be a /32. I don't know the Cisco client so I can't tell you how to set it up.
