Netgate Discussion Forum
    IPSEC road warrior multiple subnets internal

    Scheduled Pinned Locked Moved IPsec
    2 Posts 2 Posters 815 Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    brcisna

      Hello All,

      Setting up a road warrior connection to a 2.2.4-RELEASE pfSense machine, having troubles getting the client to be able to access all three subnets on the pfSense LAN(s). For completeness, there are already three site-to-site VPNs set up so that all machines at each site can remotely access all three subnets on this pfSense machine.
      Road warrior can ping any machine on the .8.0 LAN but not the other two subnets.
      Also, doing a packet capture in the pfSense web GUI, road warrior pings to the .10.0 & .12.0 networks reach each machine but no response packet is sent?
      Adding: I never see a route generated in the routes on pfSense for the clients' virtual subnet that they are handed out. Is this correct?

      LAN- 172.28.8.0/24
      OPT1- 172.28.10.0/23
      OPT2- 172.28.12.0/23

      Have tried multiple clients on Android, iOS and Windows, all with the same result.
      Found what may possibly be the problem in the pfSense IPsec logs but don't know how to resolve it.
      ipsec log one line snippet:    charon: 06[CFG] <con2|75>sending UNITY_SPLIT_INCLUDE: 172.28.0.0/16|/0

      Looking at the above log snippet, it appears the client is going to be able to access 172.28.0.0/16/0
      Notice the extra '/0'.
      I have set the "Network" setting in the P2 to 172.28.0.0/16 to access the whole range of the three subnets.
      This is how it was set up for the three working site-to-site VPNs, which work correctly.

      Also have tried setting/adding two extra P2 settings with the extra two subnets defined, and still the same result.

      Anyone have any ideas?

      Thank You

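As an added example, not part of the original thread: a small Python check that parses charon UNITY_SPLIT_INCLUDE lines in the format quoted above and reports which of the three internal subnets fall outside the network each client is handed, which is the first thing to verify when a road warrior reaches one LAN but not the others. The log lines and timestamps are constructed; only the 172.28.x.x subnets come from the post, and the trailing `|/0` suffix is left uninterpreted.

```python
import re
import ipaddress

# Constructed sample log in the shape of the line quoted in the post
# (charon prefix, <connection|IKE_SA id> tag, UNITY_SPLIT_INCLUDE attribute).
# The second line models a P2 that only covers the LAN, not OPT1/OPT2.
SAMPLE_LOG = """\
Oct 10 09:12:01 charon: 06[CFG] <con2|75>sending UNITY_SPLIT_INCLUDE: 172.28.0.0/16|/0
Oct 10 09:30:44 charon: 09[CFG] <con2|76> sending UNITY_SPLIT_INCLUDE: 172.28.8.0/24|/0
"""

# Internal subnets from the post that every mobile client must be able to reach.
INTERNAL_SUBNETS = ["172.28.8.0/24", "172.28.10.0/23", "172.28.12.0/23"]

# Tolerates a missing space after the <con|id> tag, as in the post's snippet;
# the "|/0" tail after the network is not captured or interpreted.
SPLIT_RE = re.compile(
    r"<(?P<conn>[^|>]+)\|(?P<sa>\d+)>\s*sending UNITY_SPLIT_INCLUDE:\s*"
    r"(?P<net>\d+\.\d+\.\d+\.\d+/\d+)"
)


def parse_split_includes(log_text):
    """Return {(conn, sa_id): [network, ...]} for every split-include pushed."""
    pushed = {}
    for line in log_text.splitlines():
        m = SPLIT_RE.search(line)
        if not m:
            continue
        key = (m.group("conn"), int(m.group("sa")))
        net = ipaddress.ip_network(m.group("net"), strict=False)
        pushed.setdefault(key, []).append(net)
    return pushed


def uncovered_subnets(pushed_nets, internal=INTERNAL_SUBNETS):
    """Internal subnets that none of the pushed split-include networks contain."""
    nets = [ipaddress.ip_network(s) for s in internal]
    return [str(n) for n in nets if not any(n.subnet_of(p) for p in pushed_nets)]


def audit(log_text):
    """Map 'conn|sa' to the list of internal subnets the client will NOT reach."""
    return {f"{c}|{sa}": uncovered_subnets(nets)
            for (c, sa), nets in parse_split_includes(log_text).items()}


if __name__ == "__main__":
    for sa, missing in audit(SAMPLE_LOG).items():
        print(sa, "uncovered:", missing or "none")
```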
      jolebole

        I have the exact same problem. I can't access my other VLANs through the mobile client connection from my laptop. I tried various firewall rules with no success. Any pfSense VLAN masters here? :)
