Netgate Discussion Forum
    IPSEC on pfSense VM using single LAN port - no internet access after connecting

    the_dbp:

      Hi all,

      I've got a non-standard pfSense setup, and I'm hoping the community can point me in the right direction.

      My LAN is set up as follows:

      Internet --> Cable Modem --> Netgear Router providing NAT and DHCP --> pfSense virtual machine

      The pfSense virtual machine has two virtual network ports, but both are tied to the same physical port.

      WAN in pfSense is set to DHCP, receives a static IP of 192.168.10.210 from my Netgear Router. Port forwarding from Netgear router passes VPN traffic to 192.168.10.210.

      LAN in pfSense is set to manual, 192.168.10.2.

      IPsec hands out addresses in 10.10.10.0/24.
      IPsec provides DNS of 8.8.8.8 and 8.8.4.4.
      Since the WAN is also part of my internal network, I have the firewall wide open (pass all traffic on all ports).

      I'm able to connect remotely, and can access local network hosts, but I cannot get out to the internet when connected to the VPN. I don't believe it is a DNS issue as I cannot reach internet sites using their raw IP address.

      Outbound NAT rules are auto-generated and seem to be correct.

      Any ideas? Thanks in advance! I'd post screenshots but I made a change to my config that broke my connection and I'm not home to fix it :D Can add those later if they will be helpful.

    the_dbp:

        OK, fixed it - for anyone else trying a setup like this, the key for me was to set the Local Network setting to WAN network instead of LAN network, and setting NAT/BINAT to "none."

        Working like a champ now!

        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.