Problems with ipsec net2net psk connection

I am trying to set up a net2net ipsec connection with PSK on my vm testbed for evaluation purposes.

I have two vm IPFires and the ipsec n2n connection at each end is as shown in these two screenshots.


In both cases I have nothing set in the global settings section as that is said to only be needed for Net2Host and the root/host x509 cert set is only needed for certificate based connections.

However, I must be doing something fundamentally wrong as the n2n connection will not connect and there are no entries in the ipsec system log at either end when I disable/enable the connection or try and reconnect.
I have also looked in the /var/log/messages file and confirmed that there is no entry in there from saving the n2n connection or from disabling/enabling the connection.

Any suggestions for what I am doing wrong will be gladly accepted and tested out.

:thinking: Red ipfire1 and ipfire2 interfaces are in the same subnet; do they respond to ping?

“Enabled” must be checked for connections to work :wink:

PS. don’t forget about the following settings

Thank you very much. Those two were exactly the things I needed to change.

I had left the global setting not enabled as I was doing the same as with the OpenVPN net2net connection where the OpenVPN server does not need to be enabled. It is only needed for the OpenVPN Road Warrior connection.

I have learnt that it is different for the IPSec connection.

Many thanks again.

I now have the IPSec n2n connection with a Green Connected and ping from a machine on the green of IPFire1 to another machine on the green of IPFire2 works.
:+1: :+1:

Never use anything else but “On Demand” in a regular setup. If one peer is behind CGNAT, you can use “Wait for connection initiation”.
