Netgate Discussion Forum

    Connected but no Traffic

    IPsec
    • kejianshi

      Are you trying this from inside or outside your network?

      • WTF

        I was using the 3G network on my mobile, so outside. I figured the routing would have issues if I used my Wifi without a bit of fiddling.

        • kejianshi

          I've had issues in the past of this and that carrier kicking/stopping/resetting VPN and SIP traffic (off and on).

          Maybe try it from a friend's wifi.

          That NAT-T should be on, BTW.

          On your android phone, are you forcing that route?

          I had to put

          Forwarding routes :  0.0.0.0/0  in mine to make it use the VPN tunnel 100% of time.

          I also gave it a DNS Server.  I use my own, but for you, 8.8.8.8 would be good.

          All these settings are in the Android IPsec settings.
          You are using the built-in VPN client, right?  Not one you downloaded?

          • WTF

            If I turn on NAT-T (Enable or Force) I can't get P1 up (just times out).

            Thing is that the VPN stays up and is pretty stable but just doesn't allow traffic. (In the default IPsec client I have a forward route of 10.0.0.0/24 set in the IPsec client, along with DNS of 10.0.0.10 (internal) and then 8.8.8.8.)

            I only want to access the 10.0.0.0/24 network via the VPN, but all other net access should route over the normal 3G/Wifi data connection.

            BTW, just tested the work Wifi and it has the same issue. (There isn't any captive portal or anything blocking either.)

            • Vorkbaard

              Sounds like there is a second 10.0.0.0/24 subnet somewhere between your client and your server. Can you test with another subnet? Even if that wouldn't be a solution you'd still know what the problem was.

              I also had this problem when I had IPsec/OpenVPN tunnel configuration with (partly) identical names or IP ranges. Delete any that might conflict.

              Alternatively try OpenVPN.

              • WTF

                Is this for the P2 Local Subnet or from the Mobile Client Virtual Address Range?

                • WTF

                  I also checked the ARP table and there is nothing showing for the Mobile Client IP allocated :(

                  • WTF

                    I've got this working, though it wasn't a fix I would normally like to use.

                    I set the NAT-T to enable and rebooted pfSense; when it came back up, bingo!

                    So what's causing it, or if it is going to happen again, I don't know.  Restarting racoon didn't help, BTW!

                    • kejianshi

                      ohhhhhhhh…  haha.
                      laughing at myself...

                      When a client is disconnected and reconnected a few minutes later, it probably won't pass traffic.
                      It's a weird glitch that I've been assured doesn't exist now...  But ok.

                      Anyway.  Try this.

                      Connect to your VPN.  Test it.
                      Now, disconnect and wait 3 minutes.  Then connect again and test it.

                      I bet it doesn't work now.

                      Now, go to status > services and press the "restart services" button to the right of racoon / IPsec.

                      Bet it works now.

                      • jimp Rebel Alliance Developer Netgate

                        @kejianshi:

                        ohhhhhhhh…   haha.
                        laughing at myself...

                        When a client is disconnected and reconnected a few minutes later, it probably won't pass traffic.
                        It's a weird glitch that I've been assured doesn't exist now...   But ok.

                        Anyway.  Try this.

                        Connect to your VPN.  Test it.
                        Now, disconnect and wait 3 minutes.  Then connect again and test it.

                        I bet it doesn't work now.

                        Now, go to status > services and press the "restart services" button to the right of racoon / IPsec.

                        Bet it works now.

                        That was a problem on older snapshots, and still is if you didn't follow this page exactly: http://doc.pfsense.org/index.php/Mobile_IPsec_on_2.0
                        Double check every setting (especially Prefer Old IPsec SA).

                        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.