I should also add, in case it matters, that all of the remote end-points
are either Linksys RV082's, Linksys RV016's, Hotbrick 800/2's, or
Netgear FVS338's.
All of the remote end-points are configured with static IPs and any
ISP-supplied routers are configured solely as bridge devices. If PPPoE is
being used, I have the remote Linksys, Netgear, or Hotbrick performing
the PPPoE. These remote end points operate over a combination of Cable,
ADSL, and wireless Internet access from their various ISPs. I have
learned that, if the ISP's supplied router/firewall is doing any sort of
NAT or port forwarding, it just kills IPSEC VPN stability. This seems
especially true for the Linksys and Netgear devices that I've run across.
Vaughn
Vaughn L. Reid III wrote:
No. The only things that I added/changed were the firewall rules.
Actually, I don't have manually entered static routes configured for
any of my IPSEC connections, and they all work. When I pull up the
routing table, I have noticed that the pfsense box appears to
automatically add the routes.
Vaughn
[EMAIL PROTECTED] wrote:
Do you have static routes set up as well?
I just wanted to report an update of how my IPSEC over OPTx is working.
It's been a few days now since I set up the manual rules on the OPTx
interface that I wanted to use for IPSEC. Since I set up the rules
listed in my previous post, my IPSEC VPNs over the OPTx interface are
working well and seem very stable.
Vaughn
Vaughn L. Reid III wrote:
Just to be thorough, I added two more rules to the firewall's OPT
interface to make sure all the IPSEC stuff gets through. I'm fuzzy on
if the last two are needed, but just to be safe, I added them.
Here are all the rules that I've added:
Rules in the format listed below:

    Protocol  Source  Port  Destination           Port  Gateway  Schedule
 1. UDP       *       *     Interface IP Address  500   *        Blank
 2. ESP       *       *     Interface IP Address  *     *        Blank
 3. AH        *       *     Interface IP Address  *     *        Blank
 4. GRE       *       *     Interface IP Address  *     *        Blank

Vaughn
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]