I use BT Business also as a 2nd ISP.
I was in the same boat as you: the WAN IP on the PPPoE connection would change, 
so creating an IPsec VPN was a pain. Eventually I just went to using OpenVPN, with 
the BT connection as a client and the other static connection being the server.
Works fine; however, I am assuming you have pfSense at the remote end also.

Gavin


From: [email protected] [mailto:[email protected]] On 
Behalf Of Moshe Katz
Sent: 30 July 2012 19:17
To: pfSense support and discussion
Subject: Re: [pfSense] IP Alias and IPSec

On Sat, Jul 28, 2012 at 1:20 PM, James Bland <[email protected]> wrote:
Hi all,

I've got BT Business Broadband with a block of 5 IPs. I'm connecting to this 
using PPPoE to a router in bridge mode rather than a 2wire router. I've also 
got a second ISP so I'm running MultiWAN here.

So the static IPs are in a different subnet than the dynamic IP.

So the PPPoE interface connects with a dynamic IP. I then add my public IPs as 
IP Aliases in the Virtual IP section. I've tested port forwarding off one of 
the IPs and that works, I've tried Outbound NAT and that also works.

If I tried to ping any of the statics I was getting TTL timeout issues; however, 
if, say, I add a 1:1 NAT on an entry with firewall rules to allow traffic, ping 
then works fine.

My issue is with IPSec off one of these IP Aliases. If I put IPSec on the WAN 
interface it'll try to connect to the remote site (but fail, as it's not coming 
off the IP it expects).

If I change it to the virtual IP I just get "racoon: ERROR: phase1 negotiation 
failed due to send error."

So as far as I can see it just doesn't send any data out at all. I've tried 
turning DEBUG mode on but I'm getting no more info.

I guess I'm missing some rule somewhere that I might need but I've tried 
fiddling and come up empty.

Can anyone give me some advice on this?

Cheers,
James

I don't know the full details, but I do know that certain Virtual Address types 
support/do-not-support certain features.

I use ProxyARP Virtual Addresses on my systems (though I don't currently use 
IPSec so I don't know if switching will help you).

Moshe

--
Moshe Katz
-- [email protected]
-- +1(301)867-3732
