That's strange, my config works with NAT-T too, but I never had problems with non-natted, natted or any other network.
On 12.04.2011 at 21:46, "Paul Mather" <p...@gromit.dlib.vt.edu> wrote:

> On Apr 12, 2011, at 3:17 PM, Vick Khera wrote:
>
>> On Tue, Apr 12, 2011 at 2:04 PM, Fuchs, Martin
>> <martin.fu...@trendchiller.com> wrote:
>> I have IPSec from my iPhone to pfsense here...
>> Have a look at the Forums. It took some time but now it works...
>>
>> I found in the forum that it requires pfSense 2.0. Does that still stand
>> true?
>>
>> And do you configure it via pfSense GUI or a manual hack to the racoon
>> config file?
>>
>> I don't find a definitive answer on the forum at all, just a bunch of try
>> this try that and speculation followed by a bunch of "doesn't work for me"
>> and "works for me, sorta".
>>
>> The closest I've found is
>> http://forum.pfsense.org/index.php/topic,24752.msg130558/topicseen.html#msg130558
>>
>> Is that the current "state of the art" for iPhone -> pfSense VPN? It seems
>> to be in conflict with how I want mobile client settings for my "road
>> warrior" network VPNs, such as my home office. I.e., I do not want to have a
>> virtual address pool for those connections.
>
>
> I have used pfSense 2.0 to set up an IPsec VPN usable from an iPod Touch,
> which I believe uses the same client as the iPhone and iPad. I used pretty
> much the setup from the link you give above. In my case, my Phase 2 has
> "Local Network" of type "Network" and the address is that of my pfSense LAN
> (whereas the forum post uses Local Network Type "None"). (I actually have
> two Phase 2 entries, the one just described and another that is the same
> except the address is 10.0.0.0/24, to allow VPN access to that private
> network reachable from the pfSense LAN.)
>
> I did all configuration via the pfSense GUI. The setup routes all traffic
> for the network behind the pfSense gateway (172.23.23.0/24 and 10.0.0.0/24)
> over the IPsec VPN; other traffic goes out as per normal. Split DNS works,
> and private DNS hostnames are resolved correctly.
>
> The VPN works fine when NAT-T is in use. (The same config doesn't work for
> my office Mac, which is not behind a NAT.)
>
> I also tried the L2TP server in pfSense 2.0 today with the Mac OS X L2TP VPN
> client but couldn't even get it to connect. :-(
>
> Cheers,
>
> Paul.
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: support-unsubscr...@pfsense.com
> For additional commands, e-mail: support-h...@pfsense.com
>
> Commercial support available - https://portal.pfsense.org