Netgate Discussion Forum

    AWS IPSec mobile connections not using the "Provide a virtual IP address to clients" pool for clients

    wdtj:

      I am setting up a mobile IPSec environment. I set "Provide a virtual IP address to clients" and set the address pool to ww.xx.yy.0/16. We also have an OpenVPN pool set to ww.xx.zz.0/16. (Sorry for obfuscating the IP addresses; I thought it might give away info to hackers.)

      When I tried to connect to our EC2 instances, it timed out. I tried adding the ww.xx.yy.0 subnet to the EC2 security group. I ran tcpdump on the pfSense system and noticed the connection requests were being made using the pfSense WAN IP address. Changing the security group now allows the connection to be made.

      The OpenVPN connections use the IP pool specified, but not the IPSec pool. Am I misunderstanding the use of the IPSec virtual IP address pool?

      How does this relate to the Local Network and BINAT/NAT settings in the Phase 2 configuration? I read the documentation and got even more confused.

      Thanks for any help you can give.

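The check the poster did by hand with tcpdump (which source address the EC2 side actually sees) can be made repeatable. The script below is an added example, not code from the original post or from pfSense: it parses tcpdump-style lines, classifies each flow toward the EC2 network by whether its source is an address from the mobile IPsec virtual IP pool, the firewall's WAN address, or something else, and lists the set of source addresses a security group would have to allow. All addresses are constructed placeholders (10.20.30.0/24 for the virtual IP pool, 198.51.100.10 for the pfSense WAN address, 172.31.0.0/16 for the EC2 VPC), as is the sample capture.

```python
import ipaddress
import re
from collections import Counter

# Constructed placeholders (not the poster's real values): stand-ins for the
# mobile IPsec virtual IP pool, the pfSense WAN address and the EC2 VPC range.
POOL_CIDR = "10.20.30.0/24"
WAN_IP = "198.51.100.10"
VPC_CIDR = "172.31.0.0/16"

# Constructed sample tcpdump output; two flows carry pool addresses, two carry
# the WAN address, one comes from an unrelated host, and one line is ARP noise.
SAMPLE_CAPTURE = """\
12:00:01.000001 IP 10.20.30.5.51234 > 172.31.10.7.22: Flags [S], seq 1, win 64240, length 0
12:00:01.000002 IP 198.51.100.10.60211 > 172.31.10.7.22: Flags [S], seq 2, win 64240, length 0
12:00:01.000003 IP 198.51.100.10.60212 > 172.31.10.8.443: Flags [S], seq 3, win 64240, length 0
12:00:02.000004 IP 10.20.30.6.51235 > 172.31.10.8.443: Flags [S], seq 4, win 64240, length 0
12:00:02.000005 IP 192.0.2.44.40000 > 172.31.10.7.22: Flags [S], seq 5, win 64240, length 0
12:00:02.000006 ARP, Request who-has 172.31.10.1 tell 172.31.10.7, length 28
"""

# Matches the "IP src.sport > dst.dport:" prefix tcpdump prints for IPv4 TCP/UDP.
TCPDUMP_RE = re.compile(
    r"^(?P<ts>\S+) IP (?P<src>\d+\.\d+\.\d+\.\d+)\.(?P<sport>\d+) > "
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)\.(?P<dport>\d+):"
)


def parse_tcpdump_line(line):
    """Return (src_ip, src_port, dst_ip, dst_port) for an IPv4 tcpdump line, else None."""
    m = TCPDUMP_RE.match(line)
    if not m:
        return None
    return (m.group("src"), int(m.group("sport")), m.group("dst"), int(m.group("dport")))


def classify_source(src_ip, pool, wan_ip):
    """Label a source address as 'pool', 'wan' or 'other'."""
    addr = ipaddress.ip_address(src_ip)
    if addr == wan_ip:
        return "wan"
    if addr in pool:
        return "pool"
    return "other"


def audit_capture(capture, pool_cidr, wan_ip_str, vpc_cidr):
    """Classify every flow in the capture that is headed for the VPC range.

    Returns (counts, flows): counts per category plus an 'unparsed' bucket, and
    a list of (src, dst, dport, category) tuples for the flows that were kept.
    """
    pool = ipaddress.ip_network(pool_cidr)
    wan_ip = ipaddress.ip_address(wan_ip_str)
    vpc = ipaddress.ip_network(vpc_cidr)
    counts = Counter()
    flows = []
    for line in capture.splitlines():
        parsed = parse_tcpdump_line(line)
        if parsed is None:
            counts["unparsed"] += 1
            continue
        src, _sport, dst, dport = parsed
        if ipaddress.ip_address(dst) not in vpc:
            continue  # only traffic toward the EC2 side matters here
        category = classify_source(src, pool, wan_ip)
        counts[category] += 1
        flows.append((src, dst, dport, category))
    return counts, flows


def sources_seen_by_peer(flows):
    """Source addresses the remote side observes, i.e. what a security group must permit."""
    return {src for src, _dst, _dport, _cat in flows}


if __name__ == "__main__":
    counts, flows = audit_capture(SAMPLE_CAPTURE, POOL_CIDR, WAN_IP, VPC_CIDR)
    for src, dst, dport, category in flows:
        print(f"{src:>15} -> {dst}:{dport:<5} [{category}]")
    print("summary:", dict(counts))
    print("sources the EC2 security group would need to allow:",
          sorted(sources_seen_by_peer(flows)))
```

Run it against a real capture by replacing SAMPLE_CAPTURE with the output of tcpdump on the interface facing AWS (for example `tcpdump -n -i <interface> 'net 172.31.0.0/16'`, with the interface and range swapped for your own). A non-zero "wan" count for flows toward the VPC means the security group is seeing the firewall's WAN address instead of the pool, which is what the post describes; that result is the thing to compare against the Phase 2 Local Network and outbound NAT settings rather than something the script can decide on its own.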
      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.