I am having trouble establishing an IPsec connection between home, which has a dynamic IP, and the office, which has a static one.
Home is set up as a mobile client with a LAN subnet of 192.168.2.0/24, and the office has a static public IP with 192.168.100.0/24 as its LAN subnet. The setup follows HOBA's tutorial, still with a 1200 s lifetime for both phases on both sides.
Just to make sure, please correct my ruleset if anything is wrong:
NAT: WAN UDP 500 192.168.2.3 (ext.: ) 500 UDP 500 for IPsec
NAT: WAN ESP 192.168.2.3 (ext.: ) ESP for IPsec
RULE: ESP * * WAN address * * NAT ESP for IPsec
RULE: UDP * * WAN address 500 * NAT UDP500 for IPsec
NAT: WAN UDP 500 192.168.100.99 (ext.: ) 500 UDP 500 for IPsec
NAT: WAN ESP 192.168.100.99 (ext.: ) ESP for IPsec
RULE: ESP * * gateway * * NAT ESP for IPsec
RULE: UDP * * gateway 500 * NAT UDP500 for IPsec
gateway is an alias for the pfSense LAN address (192.168.100.99) at office side.
Which entry is correct: ESP to the WAN address or to the LAN host (alias: gateway)?
Further on, I have no SAD or SPD on the static side, whereas I get an SPD entry on the dynamic side but no SAD, since the tunnel is not up.
This might be ok.
On the system logs | firewall tab at home I see racoon parse errors. These do not show up on the office side...