Netgate Discussion Forum
    Ipsec for mobile clients on 2.3.2

      azafred

      Hello guys and gals,
      I have been working on this for a bit and I seem to be stuck.
      I managed to set up my phase 1 and 2 so that clients can connect and establish a tunnel (with RADIUS Auth). However, said clients are not able to reach the outside world. Running a packet capture on the pfSense unit shows that everything is coming through (ICMP pings), but the pfSense is not forwarding the return traffic back to the mobile client.
      I have a feeling it is something very simple that I am simply overlooking, but I can't seem to figure out what.
      Also it looks like I am not the only one with that exact problem, but browsing this forum has not yielded any answer.
      (I have indeed set up my rules to pass all on all interfaces while testing, so firewall should not be an issue, but I am wondering about NAT.)

      Anyway, attached is my IPsec config overview.

      Cheers and thanks in advance for any assistance,
      Fred
      ![Screen Shot 2016-08-04 at 08.15.28.png](/public/imported_attachments/1/Screen Shot 2016-08-04 at 08.15.28.png)
        azafred

        Note: switching to Transport mode does not seem to work either, and the tunnel doesn't get established at all.

          jimp Rebel Alliance Developer Netgate

          Do you see the traffic from clients leaving the WAN in a packet capture? Does that traffic have NAT applied?

          Check the state table and see what the outgoing states look like for the traffic as well.

          1 Reply Last reply Reply Quote 0
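
The state-table check suggested in the reply above, as an added example that is not part of the original thread: it reads saved `pfctl -ss` output and reports, for each outbound WAN state that originated in the mobile-client pool, whether the source was translated. The WAN interface name `em0`, the pool `10.0.8.0/24`, the assumed line layout (`iface proto SRC [(ORIGINAL)] -> DST state`) and all sample lines are constructed for illustration; IPv4 only.

```python
import ipaddress
import re

# Assumed layout of one outbound `pfctl -ss` line:
#   iface proto WIRE_SRC [(ORIGINAL_SRC)] -> DST  state
# The parenthesised address appears only when NAT rewrote the source.
STATE_RE = re.compile(
    r"^(?P<iface>\S+)\s+(?P<proto>\S+)\s+(?P<src>\S+)"
    r"(?:\s+\((?P<orig>\S+)\))?\s+->\s+(?P<dst>\S+)"
)

def _ip(endpoint):
    """Drop the trailing :port (or ICMP id) from an IPv4 endpoint."""
    return ipaddress.ip_address(endpoint.rsplit(":", 1)[0])

def audit_states(lines, wan_if, client_pool):
    """Return (client_ip, destination, verdict) for WAN states from the pool."""
    pool = ipaddress.ip_network(client_pool)
    findings = []
    for line in lines:
        m = STATE_RE.match(line.strip())
        if not m or m["iface"] != wan_if:
            continue  # inbound ("<-") states and other interfaces are skipped
        try:
            wire_src = _ip(m["src"])
            inner_src = _ip(m["orig"]) if m["orig"] else wire_src
        except ValueError:
            continue  # not an IPv4 endpoint this sketch understands
        if inner_src not in pool:
            continue  # state does not belong to a mobile client
        # A pool address still visible on the wire means no NAT rule matched,
        # so replies to that private source will never find their way back.
        verdict = "NO NAT" if wire_src in pool else "NAT applied"
        findings.append((str(inner_src), m["dst"], verdict))
    return findings

# Constructed sample lines (documentation address ranges), not real output.
SAMPLE = """\
enc0 icmp 198.51.100.53:4321 <- 10.0.8.2:4321       0:0
em0 icmp 10.0.8.2:4321 -> 198.51.100.53:4321       0:0
em0 icmp 203.0.113.10:61022 (10.0.8.3:7788) -> 198.51.100.53:7788       0:0
em0 tcp 203.0.113.10:50122 (192.168.1.20:50122) -> 198.51.100.7:443       ESTABLISHED:ESTABLISHED
""".splitlines()

if __name__ == "__main__":
    for client, dst, verdict in audit_states(SAMPLE, "em0", "10.0.8.0/24"):
        print(f"{client:<12} -> {dst:<22} {verdict}")
```
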