Problems connecting mobile IPSEC client to PFSense 2.0
-
Hello everyone,
I’m having some troubles getting a mobile client to connect to my local network using PFSense 2.0. The problem seems to be some kind of firewall rule or routing problem instead of a vpn tunnel problem. I say this because the vpn tunnel appears to come up without any problems, but when I try to ping any nodes on my local network the ping times out. Is there a special rule that I should be creating under the IPSec tab in the firewall rules section? Should I be creating some kind of static route? Also, I am configuring all mobile clients with a 172.16.1.0/24 network and the local network is 192.168.1.0/24.
Thanks.
-
Hello,
I'm running latest 2.0 Alpha Alpha version , and i'm experience the same problem.
I use the Latest Shrewsoft VPN client.
The Tunnel connects fine and the virtual adapter gets the first ip wich was given in the ip config in the firewall. eg. 192.168.255.0 /24
gets 192.168.255.1…......
my Lan network behind the firewall = 10.1.1.0/24
i made a firewall rule on IPSEC for testing to pass any to any .
unfotunally no ping results on any node in the 10.1.1.0 network on the mobile Client.
What i'm doing wrong ? is there some bug here that the remote network can't be reached ? :(
-
:)
Finally found the problem , disabled NAT-T on the firewall and on the client.
Now works o.k.
-
Perhaps too late, but I'll post it here anyway.
You need to allow these things in your firewall:
-
UDP port 500 for IPSec
-
protocol ESP (or AH if set that way)
-
UDP port 4500 for NAT-T
-