Krumpy wrote: Curious why you're using IPSEC. My understanding is that these have high overhead. Why not use an SSL-based VPN like OpenVPN, which I understand has less overhead?
The reason I utilize IPSEC/L2TP is specifically for my line of work. I regularly work with multiple NOCs (Network Operations Centers) on VPN tunnels back to corporate offices, and their equipment utilizes VPN with IPSEC/L2TP. When it fails, they try to blame it on the equipment vs. something in their configuration. I then, with my laptop connected to their device, connect to my VPN tunnel at home and prove that the equipment (usually a cellular backup device) did in fact establish a VPN tunnel successfully over the requested protocol. This stops their IT in their tracks of saying that I don't know what I am doing. So the reason I utilize it is for work, to verify equipment is really capable of running the tunnel when there are problems establishing their own tunnel. Does that help? I was doing this previously on a virtual machine on my server at home, but when my router took a dump, it took the port configurations with it, and I have been unsuccessful in getting things working again. Thus the hardware solution.
Krumpy wrote: Maybe I should also ask what platform clients you're using?
Generally I am using my MacBook Pro or my Android phone. I enjoy the built-in interface for IPSEC/L2TP for OS X, vs. having to run a separate client for VPN services.
Krumpy wrote: I understand that it is frustrating. I'll re-read the thread to see if I missed something, but unless there are issues with the 2.4 (?) build of pfSense, I do know that IPSEC VPN works with iPhone and OpenVPN also works with the iPhone.
Krumpy wrote: Also keep in mind that some of the cell carriers have eliminated IPv4 addressing. This means that you may need to use IPv6 instead. I just ran into this with T-Mobile and iOS 10.2. Apparently the general thought is that no one is using IPv4 anymore and therefore T-Mobile dropped IPv4 support... ARGH!!!!!! Yes, I was still using it. I called and called and called. No one had a clue. I figured it out by doing a lot of troubleshooting and researching. They had no clue how to fix it either.... Answer was to switch my external presence to IPv6 and that took care of it.
I am willing to help, but we will need to take it offline. Typing all of the conversation back and forth would be too time consuming.
Very much appreciated. I will even give you remote access to the firewall via my computer so that we can work on this together. I will send you my email to correspond with via private message. My hope is that we can get this working to such a level that we can make this available to anyone from Allonis who wishes to have an easy-to-utilize IPSEC/L2TP VPN tunnel.