Netgate Discussion Forum

    Strange behavior IPSEC VPN

      maxita

      Good morning

      I have successfully connected two offices with a VPN (both with a public IP) and pfSense 2.0 firewalls, with the following scheme:

      Office 1 -> 192.168.0.xxx
      Office 2 -> 192.168.2.xxx

      The tunnel connection has been established successfully, the IPs of the two subnets are pingable, and if I try to get into some machines with remote VNC (the computers across the VPN) I can do so easily; even SSH to the remote pfSense firewall works without problems.

      Instead, all HTTP connections do not work, on both port 80 and 8080; for example, I cannot log into the web panels of printers / IP phones / access points. On some IPs the page starts loading with the logo, but then the loading stops.

      Same thing if I try to get on the QNAP NAS remotely via a Windows share (Samba): I can sort/list the root, but when I try to enter a subfolder, the connection hangs and times out.

      The table is instead constant and regular. I attach screenshots of the rules:

        maxita

        One more piece of info: on all PCs of the two subnets I use the netmask 255.255.255.0. Is that right, or do I need to use 255.255.0.0? Thanks

          maxita

          Can anyone help me, please?

            cmb

            Sounds like you have at least a couple completely different issues possibly. The APs, printers, etc. I would suspect don't have a default gateway defined. If you can't ping them, that's almost certainly the case. The other alternative is they have a wrong subnet mask. All your devices should be /24 (255.255.255.0); if they're /16 (255.255.0.0) then they think the other end of your VPN is local and will never be able to communicate with it.

            That wouldn't be the case for the NAS, that's not a common scenario like the aforementioned scenario with APs and printers is, not sure what to suggest based on that.

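The two device misconfigurations cmb describes (no default gateway, or a /16 mask that makes the remote LAN look local) can be checked per device. The following is an added example, not part of the original thread; the host addresses, the firewall address 192.168.0.1 and the function names are assumptions made for illustration.

```python
import ipaddress

# Remote office LAN from the thread (Office 2); host addresses below are constructed.
REMOTE_LAN = ipaddress.ip_network("192.168.2.0/24")

def forwarding_decision(ip, netmask, gateway, dest):
    """Return how a host with this config would send a packet to dest.

    'on-link'  : dest falls inside the host's own subnet, so the host ARPs for
                 it directly and the packet never reaches the firewall/VPN.
    'gateway'  : dest is off-subnet and a usable default gateway exists.
    'no-route' : dest is off-subnet and no usable gateway is configured.
    """
    iface = ipaddress.ip_interface(f"{ip}/{netmask}")
    dest = ipaddress.ip_address(dest)
    if dest in iface.network:
        return "on-link"
    # A gateway is only usable if the host can reach it on its own subnet.
    if gateway and ipaddress.ip_address(gateway) in iface.network:
        return "gateway"
    return "no-route"

def audit(devices, remote_lan=REMOTE_LAN):
    """Map device name -> problem, for devices that cannot reply across the VPN."""
    probe = remote_lan[1]  # any address inside the remote LAN
    problems = {}
    for name, (ip, mask, gw) in devices.items():
        decision = forwarding_decision(ip, mask, gw, probe)
        if decision == "on-link":
            problems[name] = f"mask {mask} makes {remote_lan} look local"
        elif decision == "no-route":
            problems[name] = "no usable default gateway"
    return problems

# Constructed sample inventory for Office 1 (192.168.0.0/24, firewall assumed at .1).
SAMPLE = {
    "pc": ("192.168.0.10", "255.255.255.0", "192.168.0.1"),
    "printer": ("192.168.0.50", "255.255.255.0", None),
    "access-point": ("192.168.0.60", "255.255.0.0", "192.168.0.1"),
}

if __name__ == "__main__":
    for name, problem in audit(SAMPLE).items():
        print(f"{name}: {problem}")
```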
              maxita

              Hi cmb

              Thanks for your reply. I have checked all the rules and they seem OK; the default gateway of all devices is correct and the subnet is 255.255.255.0 in all configurations. I'm going really mad: I can use VNC to check the PCs on the other side of the VPN, but I can't get into the printer / access point web pages or list directories via Samba. :((((( Any ideas?

                Metu69salemi

                Hi, didn't read the whole story, but can you then connect to the printers if you VNC to a host in that other subnet and try to access them with a browser?
                If you can SSH to the other end's firewall, can you then use a proxy to connect to the printers?
