Hi Gavin,

I've 2 IPSec tunnels and both of the other ends are Cisco ASA devices so 
OpenVPN wouldn't be an option. It is working fine with how I've configured it 
now, not using PPPoE.

Must just be that it's not possible with PPPoE currently with multiple IPs.

Cheers,
James

On 31 Jul 2012, at 09:27, Gavin Will <[email protected]> wrote:

> I use BT Business also as a 2nd ISP.
> 
> I was in the same boat as you, the WAN IP on the PPPoE connection would change 
> so creating an IPsec VPN was a pain. Eventually I just went to using OpenVPN 
> and the BT connection as a client and the other static connection being the 
> server.
> 
> Works fine, however I am assuming you have pfSense at the remote end also.
> 
>  
> 
> Gavin
> 
> 
>  
> From: [email protected] [mailto:[email protected]] 
> On Behalf Of Moshe Katz
> Sent: 30 July 2012 19:17
> To: pfSense support and discussion
> Subject: Re: [pfSense] IP Alias and IPSec
>  
> On Sat, Jul 28, 2012 at 1:20 PM, James Bland <[email protected]> wrote:
> Hi all,
> 
> I've got BT Business Broadband with a block of 5 IPs. I'm connecting to this 
> using PPPoE to a router in bridge mode rather than a 2wire router. I've also 
> got a second ISP so I'm running MultiWAN here.
> 
> So the static IPs are in a different subnet than the dynamic IP.
> 
> So the PPPoE interface connects with a dynamic IP. I then add my public IPs 
> as IP Aliases in the Virtual IP section. I've tested port forwarding off one 
> of the IPs and that works, I've tried Outbound NAT and that also works.
> 
> If I tried to ping any of the statics I was getting TTL timeout issues, 
> however if, say, I add a 1:1 NAT on an entry with firewall rules to allow 
> traffic, ping then works fine.
> 
> My issue is with IPSec off one of these IP Aliases. If I put IPSec on the WAN 
> interface it'll try to connect to the remote site (but fail as it's not coming 
> off the IP it expects).
> 
> If I change it to the virtual IP I just get "racoon: ERROR: phase1 
> negotiation failed due to send error."
> 
> So as far as I can see it just doesn't send any data out at all. I've tried 
> turning DEBUG mode on but I'm getting no more info.
> 
> I guess I'm missing some rule somewhere that I might need but I've tried 
> fiddling and come up empty.
> 
> Can anyone give me some advice on this?
> 
> Cheers,
> James
>  
> I don't know the full details, but I do know that certain Virtual Address 
> types support/do-not-support certain features.
>  
> I use ProxyARP Virtual Addresses on my systems (though I don't currently use 
> IPSec so I don't know if switching will help you).
>  
> Moshe
> 
> --
> Moshe Katz
> -- [email protected]
> -- +1(301)867-3732
>  
> _______________________________________________
> List mailing list
> [email protected]
> http://lists.pfsense.org/mailman/listinfo/list
