IPSec lan-to-lan with PfSense and MikroTik - Not working!!!



  • Hello,
    I have some trouble configuring a working IPSec connection between my PfSense and a MikroTik firewall Router.

    I have the public static IP configured on the PfSense WAN port, and a private IP configured on the WAN of MikroTik because it is behind a NAT.

    I tried to bring up the tunnel using the configuration attached to this post, but it doesn't work.

Can someone give me (and the community) some help in order to make it work and keep it stable?

    Thank you,
    Regards

    Riccardo
    ![PfSense P1.png](/public/imported_attachments/1/PfSense P1.png)
    ![PfSense P2.png](/public/imported_attachments/1/PfSense P2.png)







  • No one has a solution for my issue with the IPSec connection?…


  • Apparently not with the awesome "but it doesn't work." issue description… Guess why.



  • Hi,

    I know that MikroTik + pfSense works.
</grReplace>
<gr_replace lines="42-43" cat="clarify" orig="Is phase1 ok">
    Is phase 1 OK? -> yes, go to phase 2
    Is phase 2 OK?

    Is phase1 ok ? –>yes go to phase2
    is phase2 ok ?

    From the MikroTik forum:
    When you want to make a direct IPsec tunnel between MikroTik routers you must make sure that you have an exception rule in your NAT table for traffic from the local to the remote network which says "accept" (before your general rule that says "masquerade" or "src-nat").
    When you do not do that, the router will mistakenly NAT the traffic before it puts it into the tunnel, and no communication will be possible.

    I used on phase 1
    Encryption algorithm AES 256
    Hash algorithm SHA1
    DH key group 2 (1024)
    Lifetime 86400

    Phase 2
    Protocol ESP
    Encryption algorithms AES (auto)
    Hash algorithms SHA1
    PFS key group 2 (1024)
    Lifetime 1800

    With other settings I ran into trouble.

    regards
    max
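The NAT exception and the phase 1 / phase 2 parameters from the post above, written out as a MikroTik RouterOS CLI example. This is an added example, not configuration from the thread or from either vendor; it assumes RouterOS 6.x syntax from before the 6.45 peer/identity/profile split, and all addresses and the shared secret are constructed placeholders (pfSense public WAN 203.0.113.10, pfSense LAN 192.168.1.0/24, MikroTik private WAN 192.168.0.2, MikroTik LAN 192.168.88.0/24).

```routeros
# Added example, not from the original thread. RouterOS 6.x (pre-6.45) syntax assumed.
# Constructed addresses (placeholders):
#   pfSense public WAN   203.0.113.10
#   pfSense LAN          192.168.1.0/24
#   MikroTik private WAN 192.168.0.2   (behind the ISP NAT)
#   MikroTik LAN         192.168.88.0/24

# 1. NAT exception. Without it, the masquerade rule rewrites the source address of
#    LAN-to-LAN traffic before the IPsec policy is evaluated, so the policy never
#    matches. place-before=0 inserts the accept rule ahead of the masquerade rule.
/ip firewall nat add chain=srcnat action=accept \
    src-address=192.168.88.0/24 dst-address=192.168.1.0/24 \
    comment="IPsec bypass: do not NAT tunnel traffic" place-before=0

# 2. Phase 2 proposal matching the post: ESP, AES, SHA1, PFS group 2 (modp1024), 1800 s.
#    pfSense "AES (auto)" negotiates any AES key length; 256-bit is chosen here explicitly.
/ip ipsec proposal add name=pfsense-p2 auth-algorithms=sha1 \
    enc-algorithms=aes-256-cbc pfs-group=modp1024 lifetime=30m

# 3. Phase 1 peer matching the post: AES-256, SHA1, DH group 2, 86400 s.
#    The MikroTik is behind NAT, so NAT traversal must be enabled.
/ip ipsec peer add address=203.0.113.10/32 exchange-mode=main \
    auth-method=pre-shared-key secret="REPLACE-WITH-SHARED-SECRET" \
    enc-algorithm=aes-256 hash-algorithm=sha1 dh-group=modp1024 \
    lifetime=1d nat-traversal=yes send-initial-contact=yes

# 4. Policy selecting traffic between the two LANs for the tunnel.
/ip ipsec policy add src-address=192.168.88.0/24 dst-address=192.168.1.0/24 \
    sa-src-address=192.168.0.2 sa-dst-address=203.0.113.10 \
    tunnel=yes action=encrypt proposal=pfsense-p2

# Checks, in the order the post suggests: phase 1 first, then phase 2.
/ip firewall nat print          # the accept rule must be listed before masquerade
/ip ipsec remote-peers print    # phase 1: an established entry for 203.0.113.10
/ip ipsec installed-sa print    # phase 2: ESP SAs in both directions
```

The pfSense side must use the same proposals; because the MikroTik's public address is the NAT gateway's, its phase 1 identifier on pfSense has to be something other than the private WAN address shown here (for example a configured identifier string), which is a general NAT-T requirement and not something the thread settles.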

