1. Even though you need to NAT for your
inside hosts IPSec is listening on the WAN interface. 2. Not sure but my guess would be no
(without a lot of easy configuration changes) One think that was reversed in previous
builds (not sure if is changed in 2-20) is the “Prefer old IPSec Sa”
checkbox under System-Advnced. Bill found that in the code pfsense already
tries old sa’s first, so when you check this box it will make it prefer
NEW Sa’s. That was the heart of a lot of my Ipsec troubles. Do you have the WAN as the local endpoint
and LAN Subnet as the Local subnet on each side? As I believe there still is an
issue with ipsec-tools if you are trying to do host to host setup. (/32s) What are you using as your local
identified IP or FQDN? Once you get a session up can you do a “ping
–c 5 –S <your pfsense lan ip> <remote pfsense lan ip>”
from the Diag -> Command Prompt tab? Thanks John From: Tommaso Di
Donato [mailto:[EMAIL PROTECTED] Hi guys! |
- [pfSense Support] Problem with ip... Tommaso Di Donato
- RE: [pfSense Support] Proble... John Cianfarani
- Re: [pfSense Support] Pr... Tommaso Di Donato
- RE: [pfSense Support] Proble... John Cianfarani
- Re: [pfSense Support] Pr... Tommaso Di Donato
- RE: [pfSense Support] Proble... John Cianfarani
- Re: [pfSense Support] Pr... Tommaso Di Donato
- RES: [pfSense Suppor... Pedro Paulo de Magalhaes Oliveira Junior
- RE: [pfSense Support] Proble... John Cianfarani
- Re: [pfSense Support] Pr... Tommaso Di Donato