Pfsense on AWS and IPSec Peer identifier issue


As you know, AWS uses a private IP address block inside a VPC. If you install pfSense as a NAT instance, its WAN interface carries one of those private addresses. You can associate an Elastic IP (EIP) with the instance, but the EC2 instance never sees that address itself: AWS maps the EIP to the private address with 1:1 NAT outside the instance, so nothing inside pfSense knows the public IP.

For that reason, if you build an IPsec tunnel to the pfSense on AWS, you need to set the Peer identifier under Phase 1 Proposal (Authentication) on the other (remote) peer so that it matches what the AWS pfSense actually sends as its IKE identity.

If you use the public IP address (the Elastic IP) of the AWS pfSense as the Peer identifier, Phase 1 fails with:

IDir '10.1.1.1' does not match to 'X.X.X.X'   (X.X.X.X is the Elastic IP of the AWS pfSense; 10.1.1.1 is its private WAN address)

Choose 'IP address' as the Peer identifier (the default, 'Peer IP address', expects the identity to equal the remote gateway address you configured, i.e. the EIP) and enter the private WAN IP of the pfSense EC2 instance (10.1.1.1 in this example).
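The same fix expressed for a strongSwan remote peer, as an added example that is not from the original post: the point is that the peer's address (where packets go) and the peer's identity (what it puts in the IKE ID payload) are two different settings, and only the address is the Elastic IP. All addresses, subnets, the IKE version and the cipher proposals below are assumptions; 198.51.100.20 stands in for the X.X.X.X of the post.

```conf
# Added example, not from the original post. Remote (on-premises) side of the
# tunnel to the AWS pfSense, as a strongSwan ipsec.conf fragment.
# Assumed addresses:
#   203.0.113.5    remote gateway; its public IP sits directly on its interface
#   198.51.100.20  Elastic IP of the AWS pfSense (the X.X.X.X of the post)
#   10.1.1.1       private WAN address of the AWS pfSense, the only address it knows
conn to-aws-pfsense
    keyexchange=ikev2           # assumed; the same leftid/rightid logic applies to ikev1
    authby=secret
    left=203.0.113.5
    leftid=203.0.113.5          # our identity equals our address: no NAT on this side
    leftsubnet=192.168.10.0/24  # assumed on-premises LAN
    right=198.51.100.20         # where IKE/ESP packets are sent: the Elastic IP
    rightid=10.1.1.1            # what the AWS pfSense sends as its IKE ID: its private WAN IP
    # rightid=198.51.100.20     # WRONG: expecting the EIP as the identity is the
    #                           # mismatch the post's "IDir ... does not match" error reports
    rightsubnet=10.1.0.0/16     # assumed VPC CIDR
    ike=aes256-sha256-modp2048  # assumed proposals; match them to pfSense Phase 1/2
    esp=aes256-sha256
    auto=start
```

Two things to check alongside this. Because the Elastic IP is a 1:1 NAT in front of the instance, the IKE exchange runs through NAT traversal, so the instance's security group must allow UDP 500 and UDP 4500 from the remote gateway. And the mirror-image fix also works: on the AWS pfSense set My identifier to 'IP address' with the Elastic IP, so the instance announces the address the remote already expects; whichever side you change, the identifier sent by one end must equal the identifier expected by the other.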


ismail yenigul
