Netgate Discussion Forum
    IPSec site to site cant access internet

    Category: DHCP and DNS
    mrchip (last edited by mrchip):

      I've set up a site-to-site VPN: 192.168.5.0 (main office) - 192.168.0.0 (branch).
      The tunnel is connected and the .5.0 network can ping/access the .0.0 network. The .0.0 (branch) network cannot access the internet or ping any systems on the .5.0 network.

      How do I get the 192.168.0.0 network to access the internet? Below are my settings:

      System/General/DNS Server Settings: 1.1.1.1 (DNS hostname empty, gateway none)
      DNS Server Override: Unchecked
      DNSSEC: Unchecked

      Interfaces/WAN: IPv4 Configuration: DHCP

      Firewall/NAT/Outbound: Automatic outbound NAT rule

      Firewall/Rules/IPsec: Action: Pass, Interface: IPsec, Address Family: IPv4, Protocol: Any, Source: Network - 192.168.5.0/24, Destination: Network - 192.168.0.0/24

      Services/DNS Resolver/General Settings: Enabled, Network Interfaces: All, Outgoing Interfaces: All, DNSSEC: enabled

      VPN/IPsec/Tunnels/Edit Phase 1: Protocol: IPv4, Interface: WAN, NAT Traversal: Auto.

      VPN/IPsec/Tunnels/Edit Phase 2: Local Network: Network - 192.168.0.0/24, NAT/BINAT translation: None, Remote Network: Network - 192.168.5.0/24.

      mrchip (last edited by mrchip):

        Figured it out... answering my own post in case it helps someone else.
        The problem WASN'T DNS! Mark that for the record books. I believe it's one of two problems.
        When I originally set up the WAN I set a static WAN interface. My ISP complained and told me to set it as dynamic (even though they issue us a static). Also, on the initial setup I had not spoofed the MAC address of the old firewall my ISP had registered. The ISP will issue a completely different IP range but not allow you to connect to the internet if using a different/unregistered MAC. Somehow, when I switched to dynamic, it left the original (non-working) static gateway. Upon checking Status/Gateways I noticed the top entry in pink as offline; under that is a WAN_DHCP with "Online" status. Once I deleted that top "offline" gateway, I got internet.

        I was going insane because the VPN worked, so I knew the internet worked... but it also wouldn't. Hope it helps someone else.

        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.