Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Ipsec for mobile clients on 2.3.2

    Scheduled Pinned Locked Moved IPsec
    3 Posts 2 Posters 1.7k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • A
      azafred
      last edited by

      Hello guys and gals,
      I have been working on this for a bit and I seem to be stuck.
      I managed to setup my phase 1 and 2 so that clients can connect and establish a tunnel (with Radius Auth). However, said clients are not able to reach the outside world. Running a packet capture on the pfsense unit shows that everything is coming through (icmp pings), but the pfsense is not forwarding the return traffic back to the mobile client.
      I have a feeling it is something very simple that I am simply overlooking, but I can't seem to figure out what.
      Also it looks like I am not the only one with that exact problem, but browsing this forum has not yielded any answer.
      (I have indeed setup my rules to pass all on all interfaces while testing, so firewall should not be an issue, but I am wondering about NAT).

      Anyway, attach is my ipsec config overview.

      Cheers and thanks in advance for any assistance,
      Fred
      ![Screen Shot 2016-08-04 at 08.15.28.png](/public/imported_attachments/1/Screen Shot 2016-08-04 at 08.15.28.png)
      ![Screen Shot 2016-08-04 at 08.15.28.png_thumb](/public/imported_attachments/1/Screen Shot 2016-08-04 at 08.15.28.png_thumb)

      1 Reply Last reply Reply Quote 0
      • A
        azafred
        last edited by

        Note: switching to Transport mode does not seem to work either, and the tunnel doesn't get established at all.

        1 Reply Last reply Reply Quote 0
        • jimpJ
          jimp Rebel Alliance Developer Netgate
          last edited by

          Do you see the traffic from clients leaving the WAN in a packet capture? Does that traffic have NAT applied?

          Check the state table and see what the outgoing states look like for the traffic as well.

          Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

          Need help fast? Netgate Global Support!

          Do not Chat/PM for help!

          1 Reply Last reply Reply Quote 0
          • First post
            Last post
          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.