I have been bashing my head against a wall trying to get Mobile IPSec (Mutual PSK + Xauth) working on pfSense 2.0.2. As I've reported previously here, I can only get traffic to flow in both directions if I set "NAT Traversal" to "Force" instead of "Enable" in the Phase 1 tunnel definition. Non-NATted connections will only route traffic from the client to the VPN, not vice versa.
I discovered subsequently in the pfSense "Mobile IPsec on 2.0" document (http://doc.pfsense.org/index.php/Mobile_IPsec_on_2.0) that the description of how to set up Mobile IPSec on 2.0 also lists "NAT Traversal: Force" under the Phase 1 section. Is this a hard requirement in 2.0.X? If so, is this due to bugs/limitations in the version of racoon/ipsec-tools used in 2.0.X? My experience of 2.0.X is that it correctly detects whether a client is behind a NAT for "NAT Traversal: Enable" but traffic only flows bidirectionally in the case of clients behind a NAT (i.e., NAT-T is enabled). Does this problem still exist in 2.1?

Cheers,
Paul.