Cisco AnyConnect connection issue with OpenVPN client connection
-
Hi! I'm running into an issue where an OS X client on the LAN network can't connect to a VPN server using Cisco AnyConnect only AFTER the pfSense (2.4.5) FW has connected to an AirVPN server. The OS X LAN client can access the internet fine after the pfSense FW has established an AirVPN connection, but for some reason the Cisco AnyConnect VPN isn't working on the OS X client.
This setup worked fine on an ASUS Wi-Fi router setup until we stepped it up to using pfSense.
-
Probably you route the AnyConnect VPN over the OpenVPN or the DNS requests and the hostname cannot be resolved.
-
"Probably you route the AnyConnect VPN over the OpenVPN"
That's what I want to do to mask my IP address.
-
But possibly that VPN IP is blocked on the Cisco VPN server.
VPN service providers, for instance, are blocked on some web services.
-
Cisco AnyConnect - would normally be your workplace. I cannot think of another service that would be using that?
So you want to hide your IP from your work place??
Never a good idea to tunnel inside a tunnel from a performance standpoint...
Users love to shoot themselves in the foot doing crazy shit - that is for sure..
-
I'm using the same AirVPN server. The performance is fine... it worked previously on an ASUS router, that's why I'm curious as to why it's working on pfSense.
-
And what is your AnyConnect server using? IPsec or DTLS?
As to performance being fine - doesn't mean it's not taking a hit, not causing extra retrans, etc. etc. Didn't say it wouldn't work - but seems utterly pointless to hide your IP from your workplace. Unless your workplace thinks you're working from home, and you want to work from elsewhere ;)
Going through a VPN connection would for sure mean a different NAT, if not a double NAT. With DTLS you would have 2 different tunnels, one being TLS, and the other being over 443 via UDP, etc.
-
I never said it was to hide my IP from workplace :)
I think it's using IPsec.
-
What is the point of running an encrypted tunnel through another encrypted tunnel - if you don't care about hiding the source IP from the destination IP?
Not like your ISP can see what you're sending down the VPN.
You're shooting yourself in the foot for why??