Hello,
you need:
PFSENSE A (dynamic) <--> PFSENSE B (static)
On the Pfsense B you must enabled "allow mobile Clients" and define at
the PSK -tab- an identifier and a passwort. Then you must fill out the
other fields
lifetimes and so on the mobile client page
On the Pfsense A you need the same information on the normal ipsec tab,
create a new tunnel definition
and choose the aggressive mode. The last thing is to setup "my
identifier" with USER FQDN and the
shared secret from static side in your tunnel definition.
That´s all
it works.
Greetings
Heiko
Anil Garg schrieb:
Heiko
This is an amazing news. Let me try some guidance from you.
One Machine A(PFSENSE), I have to create a rule.... and in that I use
the "public IP" of the remote gateway. And for my identifier I will
use [EMAIL PROTECTED]
Then on Machine B(PFSENSE), I have to create a corresponding rule and
in that I again have to use the "public IP" of the remote gateway. And
for my identifier I can use [EMAIL PROTECTED]
This appears to be the case when two pfsense talk to each other.
However, if I put either a netscreen or linksys on the other side my
problem will be solved.
I looks like at least one of the node has to support a DYNDNS for
remote gateway.
Did I understand it correctly?
Anil Garg
*/Heiko Garbe <[EMAIL PROTECTED]>/* wrote:
with 1.2 you needn´t static ips on both sides, one side dynamic
pfsense
and one side static pfsense and
it works
greetings
heiko
Jeppe Øland schrieb:
> Try this one:
> http://pfsense.untouchable.net/tutorials/openvpn/pfsense-ovpn.pdf
>
> Regards,
> -Jeppe
>
> On Thu, Feb 28, 2008 at 8:04 AM, Anil Garg wrote:
>
>> Thanks for your response Martin -
>> Rev 1.3 might be some time away... I'd like to do an Open VPN
site-2-site.
>> Do you have a link or two to point to me as I am a Newb on
computers....
>> Best
>> Anil Garg
>>
>>
>>
>> "Fuchs, Martin" wrote:
>>
>>
>> So then go on and use OpenVPN site-to-site… it works woth 2
dynamic IPs…
>>
>> Dynamic IPs for IPSec will be in 1.3…
>>
>> Regards,
>>
>> Martin
>>
>>
>> Von: Anil Garg [mailto:[EMAIL PROTECTED]
>> Gesendet: Donnerstag, 28. Februar 2008 04:51
>> An: [email protected]
>> Betreff: [pfSense Support] IPSEC
>>
>> Hey guys - I am a happy camper with pfsense and recently
upgraded to 1.2 and
>> have no issues to report so far.
>>
>> I am trying to hook up two pfsense boxes with IPSEC site to
site....
>>
>> It looks like that it needs a public ip address to create a
tunnel. I
>> could try and get public IP address at one place but it looks
like it still
>> will not work because I need public IP address on both sides.....
>>
>>
>> Have looked at all documents and spent many hours without avail...
>>
>> Will some of you learned people suggest a way out.. I can only
get a Public
>> IP address at one location and I am happy to do pay for that.
But the
>> second location being a AT&T DSL in San Jose, CA - this is not an
>> option,.....
>>
>> Much appreciate your help and guidance.
>>
>>
>> Best Regards
>> Anil Garg
>>
>>
>>
>>
--
Mit freundlichen Grüßen
H. Garbe
"Der Computer ist eine logische Weiterentwicklung
des Menschen: Intelligenz ohne Moral!
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
--
Mit freundlichen Grüßen
H. Garbe
"Der Computer ist eine logische Weiterentwicklung
des Menschen: Intelligenz ohne Moral!
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
