pfSense

Pfsense UI doesn't allow in configuration to define the Remote Network (rightsubnet) when having mobile support enabled. Therefore Phase 2 fails and server replies with "traffic selectors XXX inacceptable".

The remote network should be defined when using PFSense boxes to create IPSec tunnels in cases where the other end has dynamic WAN IP address and no DyDNS is used.

Tried manually editing the configuration from CLI by defining ”rightsubnet = x.y.z”, and the phase 2 gets completed. Unfortunately, the manually added configuration gets overwritten in many circumstances, e.g. process restart or GUI conf change.

Strongswan has the support, and it should be added also to PFSense GUI.