Todo #5158

closed

Mobile IPSec Phase 2 tunnel configuration option needed

Added by Mikko Ketola almost 10 years ago. Updated almost 10 years ago.

Status: Rejected
Priority: Normal
Assignee: -
Category: IPsec
Target version: -
Start date: 09/17/2015
Due date:
% Done: 0%
Estimated time:
Plus Target Version:
Release Notes:

Description

The pfSense UI doesn't allow defining the Remote Network (rightsubnet) in the configuration when mobile support is enabled. Therefore Phase 2 fails and the server replies with "traffic selectors XXX inacceptable".

The remote network should be defined when using pfSense boxes to create IPsec tunnels in cases where the other end has a dynamic WAN IP address and no DyDNS is used.

Tried manually editing the configuration from the CLI by defining "rightsubnet = x.y.z", and Phase 2 gets completed. Unfortunately, the manually added configuration gets overwritten in many circumstances, e.g. process restart or GUI conf change.

strongSwan has the support, and it should also be added to the pfSense GUI.
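
The failure described in the report above, as an added example that is not part of the original ticket and is not pfSense or strongSwan code: a simplified single-selector model of how an IKEv2 responder narrows the peer's proposed remote traffic selector against its configured `rightsubnet`. Assumptions: when `rightsubnet` is unset only the peer's own address is acceptable, and the addresses and function names are constructed for illustration.

```python
import ipaddress

def narrow(proposed, configured):
    """Overlap of two CIDR selectors, or None if they are disjoint."""
    p = ipaddress.ip_network(proposed)
    c = ipaddress.ip_network(configured)
    if p.version != c.version:
        return None
    # Two CIDR blocks are either nested or disjoint, so the overlap
    # is the smaller block whenever one contains the other.
    if p.subnet_of(c):
        return p
    if c.subnet_of(p):
        return c
    return None

def negotiate_remote_ts(peer_addr, proposed, rightsubnet=None):
    """Remote selector the responder accepts, or None (TS_UNACCEPTABLE)."""
    # Assumption: with no rightsubnet configured, the remote selector
    # falls back to the peer's own address as a single host.
    configured = rightsubnet if rightsubnet else peer_addr
    result = narrow(proposed, configured)
    return str(result) if result else None

if __name__ == "__main__":
    PEER = "203.0.113.25"         # constructed dynamic WAN address of the remote end
    PEER_LAN = "192.168.50.0/24"  # constructed LAN behind the remote end
    cases = (
        ("no rightsubnet (mobile phase 2 as generated)", None),
        ("rightsubnet set to the remote LAN", PEER_LAN),
    )
    for label, rightsubnet in cases:
        accepted = negotiate_remote_ts(PEER, PEER_LAN, rightsubnet)
        print(f"{label}: {accepted or 'TS_UNACCEPTABLE'}")
```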

Actions #1

Updated by Jim Pingle almost 10 years ago

Using "mobile" for site-to-site is probably the wrong way to accomplish this. More likely you want the ability to set the remote peer address in a regular tunnel to the equivalent of "%any".

Actions #2

Updated by Mikko Ketola almost 10 years ago

Either one or both approaches should be enabled, as currently setting the remote peer address to "%any" isn't supported from the GUI, thus pfSense can't be easily used for IPsec Road Warrior setups.

Actions #3

Updated by Chris Buechler almost 10 years ago

  • Status changed from New to Rejected
  • Target version deleted (Future)

Subject isn't desirable. #4989 covers what will properly accommodate that circumstance.
