Netgate Discussion Forum

    IPsec (Road Warrior) on 4.2.2 connects but networks don't see each other

      spetnik

      I'm no networking expert, so please bear with me :).
      I have set up an IPsec VPN on my pfSense home office router so that I can access my home network from my laptop when travelling, using ShrewSoft. However, lately it seems to not work. I can get it to successfully connect (I get an IP and I see the welcome banner), but I cannot access my home network from the laptop and vice versa. The weird thing is that if I ping or otherwise access the laptop's IP from my home network, it takes me to the pfSense box (e.g. if I browse to the IP in my browser, it takes me to the pfSense login).

      My server settings are viewable here: https://s3.amazonaws.com/aggressivepollen/vpn-server-settings.png
      My client (ShrewSoft) settings are viewable here: https://s3.amazonaws.com/aggressivepollen/vpn-client-settings.txt

      The IP that the client receives is 192.168.4.1/24

      I have tried switching to xauth and from aggressive mode to main, and changing a bunch of other options, but I only seem to make matters worse by causing it to time out.

      Thanks in advance for any help you can offer!

      EDIT: I forgot to add that my current network is 192.168.2.1/23 (with DHCP) - single pfSense box plugged into my DSL modem on the WAN side and an unmanaged switch on the LAN side.

        MrMoo

        Usually such issues are due to intermediary devices not supporting IPsec passthrough; this is where an SSL VPN such as OpenVPN is useful. When configured appropriately, OpenVPN looks just like regular HTTPS traffic and is thus more likely to work everywhere.

        I'm not sure whether pfSense configures StrongSwan for aggressive mode with PSKs; they are not supported by default:

        https://wiki.strongswan.org/projects/strongswan/wiki/FAQ#Aggressive-Mode

          spetnik

          What would the intermediary devices here be? I tried connecting via my Android phone's tethering as well as a remote simple cable connection. I also tried through a network that is on a SonicWall router that has in the past (earlier pfSense versions) allowed me to connect.

            MrMoo

            @spetnik:

            What would the intermediary devices here be? I tried connecting via my Android phone's tethering as well as a remote simple cable connection. I also tried through a network that is on a SonicWall router that has in the past (earlier pfSense versions) allowed me to connect.

            Usually some form of firewall with NAT would be expected if you are not connecting directly.

            I would suggest upgrading to IKEv2 and using the Windows 7 built-in client; Android works well too, apparently:

            https://raymii.org/s/tutorials/IPSEC_vpn_with_CentOS_7.html

            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.