pfSense Capability question & troubleshooting

Trying to set this up to test right now, to see if it works and maintain my sanity. Currently testing with a static cable IP address…

Ultimate goal is to have a CenturyLink DSL line at a remote location with a Netgate SG-1100 with a logging recorder. Remote access via the built-in Windows client; customer does not want any “non standard” client software.

CenturyLink uses PPPoE auth and will assign a dynamic IP address; in order to remotely access, the modem will need to be in bridge mode. Auth will be done on pfSense.

I have a test account with noip.com that is updating and seems to work ok.

What I cannot get to work is the mobile IPSec tunnel; my error messages come up with no suitable encryption found.

I cannot find much current documentation on the web with mobile clients with IPSec, dynamic DNS and Windows clients. Lots of old stuff to help shoot yourself in the foot with!

Has anyone done something like this recently? Or can point me to some documents that are current?

Thanks

Jerry

I’m pretty certain pfSense is going to handle all your requests. Is there a particular reason you want to use IPSec for mobile? I use OpenVPN for my mobile device and it works really well.

Edit: As far as DNS is concerned your no-IP will handle the changing IP address so your clients won’t know the difference. It will be transparent.

I would like to use OpenVPN but the users at the other end are reluctant to install 3rd party software to do the VPN. So I need to use whatever is in Windows.

Jerry

Have you by chance looked at this documentation here? https://docs.netgate.com/pfsense/en/latest/vpn/ipsec/l2tp-ipsec.html

Yes, but looking at it again with a clear head I think I missed a step.

I will work on it in the morning.

Thanks

IPSEC is great for site to site but lots of trouble if the other end is a system behind NAT. OpenVPN is the way to go; tell the client their request is unreasonable.


LTS_Tom yup, that is why we are consultants and get hired, not to be Simple Simons.

Got it working with OpenVPN today, now I hope the customer will accept it.

The wizards make it much more simple.
