Re: [pfSense] pfsense, IPSec, and Mac OS X
On Aug 22, 2014, at 11:38 AM, Paul Galati wrote: > thanks for your reply. I have looked at that page already to verify my > initial settings were correct, and they are. It is the final tweak that I am > trying to locate. I just don’t understand why simply turning NAT-T on or off > would completely eliminate the login prompt. In my setup (OS X 10.9 with IPSec client using XAuth PSK) I don't have to enter a login or password or shared secret because that's already in the OS X IPSec VPN configuration in Network Preferences. The only time I am prompted to enter the password is after about an hour, presumably when the IPSec lifetime has expired on the client side. When I connect from the Mac, all I get is a popup saying "VPN Connection" and buttons with "Disconnect" and "OK". For me, enabling or disabling NAT-T is the difference between traffic routing out of the pfSense box or not, i.e., the VPN working or not working. Cheers, Paul. ___ List mailing list List@lists.pfsense.org https://lists.pfsense.org/mailman/listinfo/list
Re: [pfSense] pfsense, IPSec, and Mac OS X
Bruce, thanks for your reply. I have looked at that page already to verify my initial settings were correct, and they are. It is the final tweak that I am trying to locate. I just don’t understand why simply turning NAT-T on or off would completely eliminate the login prompt. Paul Galati paulgal...@gmail.com On Aug 22, 2014, at 11:26 AM, Bruce A. Mah wrote: > If memory serves me right, Paul Galati wrote: > >> Anybody on the list using Mac OS X 10.6 or later and the built in >> Cisco IPSec Client connecting to pfSense with any reliability? > > I've had this working (with at least Mac OS 10.8 and 10.9 and iOS 6 and > 7, with their built-in IPsec clients) on pfSense 2.1.x, following a > modified version of these instructions: > > https://doc.pfsense.org/index.php/Mobile_IPsec_on_2.0 > > Unfortunately it's been quite awhile since I set this up, and I don't > remember the changes I had to make for newer versions of pfSense (they > weren't major however, and mostly had to do with UI changes in pfSense > rather than IPsec functionality). > > Once I flailed around with the initial setup, it Just Works (tm). > > Hope this helps, > > Bruce. ___ List mailing list List@lists.pfsense.org https://lists.pfsense.org/mailman/listinfo/list
Re: [pfSense] pfsense, IPSec, and Mac OS X
If memory serves me right, Paul Galati wrote: > Anybody on the list using Mac OS X 10.6 or later and the built in > Cisco IPSec Client connecting to pfSense with any reliability? I've had this working (with at least Mac OS 10.8 and 10.9 and iOS 6 and 7, with their built-in IPsec clients) on pfSense 2.1.x, following a modified version of these instructions: https://doc.pfsense.org/index.php/Mobile_IPsec_on_2.0 Unfortunately it's been quite awhile since I set this up, and I don't remember the changes I had to make for newer versions of pfSense (they weren't major however, and mostly had to do with UI changes in pfSense rather than IPsec functionality). Once I flailed around with the initial setup, it Just Works (tm). Hope this helps, Bruce. signature.asc Description: OpenPGP digital signature ___ List mailing list List@lists.pfsense.org https://lists.pfsense.org/mailman/listinfo/list
[pfSense] IPSec Phase2 deflate
Hi ! Is there any possibility to disable the IPSec deflate option ? (It seems as if there are some problems with AVM-products and i would like to check this out) Regards, martin ___ List mailing list List@lists.pfsense.org https://lists.pfsense.org/mailman/listinfo/list