Hello - I recently deployed the Netgate pfSense appliance into an AWS VPC. Due to how AWS handles its networking, all traffic between servers there and the public internet transits a 1:1 NAT, so the IP address on my pfSense router's WAN interface differs from its true public IP.
I should note that I have pfSense on both sides: 2.3_RELEASE on the non-AWS side and 2.3.2_RELEASE inside AWS. As I expected when setting out to do this, I ran into some IPsec-related issues when trying to bring up a tunnel. I've set up tunnels dozens of times between pfSense and other IPsec stacks without issue; this is the first time I've been stumped, and I'm certain it has something to do with the fact that the traffic transits a NAT on the way to the pfSense WAN interface.

When I try to bring up the tunnel, I see these logs on the non-AWS end: http://hastebin.com/uyodoqubem.css ...and these on the AWS pfSense: http://hastebin.com/dinogaliyi.vbs

Any ideas what could be going wrong here? This log message, "found 1 matching config, but none allows pre-shared key authentication using Main Mode", seems like a red herring, as I've been through the P1 configs on both sides many times to make sure that the parameters match.

Thanks all - Erik

_______________________________________________
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
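Added illustration, not part of Erik's post and not pfSense's own configuration: strongSwan ipsec.conf fragments in the shape pfSense 2.3 writes to /var/etc/ipsec/ipsec.conf from the Phase 1/2 settings, for a peer sitting behind a 1:1 NAT. The one Phase 1 value that a 1:1 NAT silently changes is the identifier: pfSense's default "My identifier = My IP address" puts the WAN interface address into the IKE ID payload, and the NAT rewrites only the IP header, never that payload. The first conn shows that default, the second pins the identity to the public address, and the third is the matching conn on the far side. All addresses, subnets and conn names are placeholders; cipher proposals are omitted.

```ini
# Added example, not generated by pfSense or taken from the original post.
# Placeholder addresses:
#   AWS pfSense WAN interface (behind the 1:1 NAT):  10.0.1.10
#   Public (Elastic) address the peer actually sees: 203.0.113.10
#   Non-AWS pfSense public address:                  198.51.100.20

# --- AWS side, default "My identifier = My IP address" ----------------------
# leftid defaults to the interface address, so the ID payload sent to the
# peer is 10.0.1.10. If the non-AWS side has "Peer identifier" set to the
# public address, that ID matches nothing there even though the packets
# arrive from the expected 203.0.113.10.
conn con1
        keyexchange=ikev1
        aggressive=no
        authby=psk
        left=10.0.1.10
        leftid=10.0.1.10
        leftsubnet=10.0.0.0/16
        right=198.51.100.20
        rightid=198.51.100.20
        rightsubnet=192.168.1.0/24

# --- AWS side, "My identifier = IP address, 203.0.113.10" -------------------
# left stays the interface address (charon has to bind to an address the
# instance really has); only the identity announced to the peer changes.
conn con1
        keyexchange=ikev1
        aggressive=no
        authby=psk
        left=10.0.1.10
        leftid=203.0.113.10
        leftsubnet=10.0.0.0/16
        right=198.51.100.20
        rightid=198.51.100.20
        rightsubnet=192.168.1.0/24

# --- Non-AWS side, "Peer identifier = IP address, 203.0.113.10" -------------
# right and rightid are both the public address: the source of the packets
# and the identity inside them now agree. The PSK line pfSense writes to
# ipsec.secrets is keyed by these same identifiers, so it has to agree too.
conn con1
        keyexchange=ikev1
        aggressive=no
        authby=psk
        left=198.51.100.20
        leftid=198.51.100.20
        leftsubnet=192.168.1.0/24
        right=203.0.113.10
        rightid=203.0.113.10
        rightsubnet=10.0.0.0/16
```

In the pfSense GUI the same change is made under VPN > IPsec > Phase 1: on the AWS side set My identifier to "IP address" with the public address, and on the other side set Peer identifier to the same value. Two further checks worth doing on a NATed peer: both ends must accept UDP 500 and UDP 4500 on WAN (the NAT-D payloads will detect the NAT and move the exchange to 4500), and on the AWS side the instance's security group has to permit those ports as well as the pfSense WAN rules.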
