Connected but no Traffic
-
Are you trying this from inside or outside your network?
-
I was using the 3G network on my mobile, so outside. I figured the routing would have issues if I used my Wifi without a bit of fiddling
-
I've had issues in the past of this and that carrier kicking/stoppping/reseting VPN and SIP traffic (off and on)
Maybe try it from a friend's wifi.
That NAT-T should be on, BTW.
On your android phone, are you forcing that route?
I had to put
Forwarding routes : 0.0.0.0/0 in mine to make it use the VPN tunnel 100% of time.
I also gave it a DNS Server. I use my own, but for you, 8.8.8.8 would be good.
All these settings are in the Android IPsec settings.
You are using the built in vpn client right? Not one you downloaded? -
If I turn on NAT-T (Enable or Force) I cant get P1 up (just times out).
Thing is that the VPN stays up and is pretty stable but just doesn't allow traffic (in the default ipsec client I have a forward route of 10.0.0.0/24 set in the IPSec Client along with DNS of 10.0.0.10 (internal) and then 8.8.8.8)
I only want to access 10.0.0.0/24 network via the VPN but all other net access should route over the normal 3G/Wifi data connection.
BTW, just tested the work Wifi and it has the same issue. (there isn't any captive portal or anything blocking either)
-
Sounds like there is a second 10.0.0.0/24 subnet somewhere between your client and your server. Can you test with another subnet? Even if that wouldn't be a solution you'd still know what the problem was.
I also had this problem when I had IPsec/OpenVPN tunnel configuration with (partly) identical names or IP ranges. Delete any that might conflict.
Alternatively try OpenVPN.
-
Is this for the P2 Local Subnet or from the Mobile Client Virtual Address Range?
-
I also checked the Arp table and there is nothing showing for the Mobile Client IP allocated :(
-
I've got this working thought it wasnt a fix I would normally like to use.
I set the NAT-T to enable and rebooted PFSense, when it came back up Bingo!
So whats causing it or if it is going to happen again I dont know. Restarting racoon didnt help btw!
-
ohhhhhhhh… haha.
laughing at myself...When a client is disconnected and reconnected a few minutes later, it probably wont pass traffic.
Its a weird glitch that I've been assured doesn't exist now... But ok.Anyway. Try this.
Connect to your VPN. Test it.
Now, disconnect and wait 3 minutes. Then connect again and test it.I bet it doesn't work now.
Now, go to status > services and press the "restart services" button to the right of racoon / IPsec.
Bet it works now.
-
ohhhhhhhh… haha.
laughing at myself...When a client is disconnected and reconnected a few minutes later, it probably wont pass traffic.
Its a weird glitch that I've been assured doesn't exist now... But ok.Anyway. Try this.
Connect to your VPN. Test it.
Now, disconnect and wait 3 minutes. Then connect again and test it.I bet it doesn't work now.
Now, go to status > services and press the "restart services" button to the right of racoon / IPsec.
Bet it works now.
That was a problem on older snapshots, and still is if you didn't follow this page exactly: http://doc.pfsense.org/index.php/Mobile_IPsec_on_2.0
Double check every setting (especially Prefer Old IPsec SA)
