On Sat, Jul 28, 2012 at 1:20 PM, James Bland <fastlan...@mac.com> wrote:
> Hi all,
>
> I've got BT Business Broadband with a block of 5 IPs. I'm connecting to
> this using PPPoE to a router in bridge mode rather than a 2wire router.
> I've also got a second ISP so I'm running MultiWAN here.
>
> So the static IPs are in a different subnet than the dynamic IP.
>
> So the PPPoE interface connects with a dynamic IP. I then add my public
> IPs as IP Aliases in the Virtual IP section. I've tested port forwarding
> off one of the IPs and that works, I've tried Outbound NAT and that also
> works.
>
> If I tried to ping any of the statics I was getting TTL timeout issues
> however if say I add a 1:1 NAT on an entry with firewall rules to allow
> traffic ping then works fine.
>
> My issue is with IPSec off one of these IP Aliases. If I put IPSec on the
> WAN interface it'll try to connect to the remote site (But fail as it's not
> coming off the IP it expects).
>
> If I change it to the virtual IP I just get "racoon: ERROR: phase1
> negotiation failed due to send error."
>
> So as far as I can see it just doesn't send any data out at all. I've
> tried turning DEBUG mode on but I'm getting no more info.
>
> I guess I'm missing some rule somewhere that I might need but I've tried
> fiddling and come up empty.
>
> Can anyone give me some advice on this?
>
> Cheers,
> James
>

I don't know the full details, but I do know that certain Virtual Address types support/do-not-support certain features. I use ProxyARP Virtual Addresses on my systems (though I don't currently use IPSec so I don't know if switching will help you).

Moshe

--
Moshe Katz
-- mo...@ymkatz.net
-- +1(301)867-3732