No traffic allowed between L2TP/IPsec and LAN
-
Hi,
I'm new to pfSense world and unfortunately due to hardware limitations my router runs version 2.3.5-p2. (it's 32 bits)
OTOH I'm not new to network world. Maybe rusty... Anyways...
Recently I created this router to have a VPN, so some suppliers could access our system in some VMs. To avoid software installation and certificates generation, I decided to use L2TP with IPsec.
I followed Netgate "manual" and not to my surprise I could establish the VPN tunnel. (My ISP might be blocking something, but I can establish it directly connected to the router)
Both sides can ping each other. LAN is 192.168.1.0/24 and L2TP users 192.168.255.128/25.
From LAN I can reach L2TP users, so far with no problems. But when I try to reach from L2TP to LAN, traffic response is blocked. Like this:
Aug 6 18:53:22 ► l2tp0 192.168.1.102:80 192.168.255.185:52222 TCP:SA
Aug 6 18:53:22 ► l2tp0 192.168.1.102:80 192.168.255.185:52221 TCP:SA
Aug 6 18:53:22 ► l2tp0 192.168.1.102:80 192.168.255.185:52220 TCP:SA
But I'm copying some files from 192.168.255.185, using SMB.
I tried to add a new rule based on this block by clicking the + icon and it says "Invalid interface for pass rule: " and nothing else. Sounds reasonable, since it's a virtual interface for VPN.
Not to mention it's also blocking response from web either, obviously. (but this is not my priority)
WAN, LAN and L2TP firewall rule screenshots (not reproduced)
I'm pretty sure I'm missing something, but what?
Internet from LAN doesn't seem OK either, even though it works. Hard to explain, but, for example, I couldn't post pictures here, got a server error, and from the hotel now it worked.
I'd really appreciate if someone could help.
Thanks
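The blocked entries quoted above, with an added example (not from this thread or from pfSense) that parses that log-view format and flags TCP SYN-ACK packets the firewall dropped, i.e. replies for which pf held no state. The field layout and the reading of the ► glyph as the "blocked" marker are assumptions based on the pasted lines.

```python
import re
from collections import Counter

# Assumed layout of the pfSense web log view lines quoted in the post:
#   "<Mon> <day> <time> ► <iface> <src>:<port> <dst>:<port> <proto>[:<flags>]"
# The ► glyph is taken to be the "blocked" marker of the GUI log view.
LOG_RE = re.compile(
    r"^(?P<ts>\w{3} \d{1,2} \d\d:\d\d:\d\d) ► (?P<iface>\S+) "
    r"(?P<src>[\d.]+):(?P<sport>\d+) (?P<dst>[\d.]+):(?P<dport>\d+) "
    r"(?P<proto>\w+)(?::(?P<flags>[A-Z]+))?$"
)

def parse_line(line):
    """Return the fields of one log line as a dict, or None if it does not match."""
    m = LOG_RE.match(line.strip())
    return m.groupdict() if m else None

def is_orphan_reply(entry):
    """A blocked TCP packet carrying SYN+ACK is the server's answer to a SYN
    that pf holds no state for: the handshake was started, but no state was
    created on (or survived on) the interface the reply comes back through.
    That pattern points at an asymmetric path or a rule on the wrong interface
    rather than at a deliberate block of the service itself."""
    return bool(entry) and entry["proto"] == "TCP" and entry.get("flags") == "SA"

def summarize(lines):
    """Count orphan replies per (interface, server socket, client) so one glance
    shows whose return traffic is being dropped and on which interface."""
    hits = Counter()
    for line in lines:
        e = parse_line(line)
        if is_orphan_reply(e):
            hits[(e["iface"], f'{e["src"]}:{e["sport"]}', e["dst"])] += 1
    return hits

# Constructed sample: the three entries from the post plus two unrelated blocks
# (a UDP packet on the VPN interface and an inbound SYN on WAN) that must be ignored.
SAMPLE = """
Aug 6 18:53:22 ► l2tp0 192.168.1.102:80 192.168.255.185:52222 TCP:SA
Aug 6 18:53:22 ► l2tp0 192.168.1.102:80 192.168.255.185:52221 TCP:SA
Aug 6 18:53:22 ► l2tp0 192.168.1.102:80 192.168.255.185:52220 TCP:SA
Aug 6 18:53:25 ► l2tp0 192.168.255.185:137 192.168.1.255:137 UDP
Aug 6 18:53:30 ► wan 203.0.113.9:4444 198.51.100.7:22 TCP:S
""".strip().splitlines()

if __name__ == "__main__":
    for (iface, server, client), n in summarize(SAMPLE).items():
        print(f"{iface}: {n} blocked SYN-ACK replies from {server} to {client}")
```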
-
L2TP VPN: try changing the destination from * to LAN net.
-
Thanks for the idea.
But my ISP had serious problems with ISAKMP thru their router, so I migrated to OpenVPN.