Netgate Discussion Forum

    IPSEC and Internet on Internal Network

      pinoyboy

      Greetings, I have just set up IPSEC, and all works great, but I cannot get on the Internet when I am connected via IPSEC on the internal network. I can ping all my internal machines via IP address and internal DNS names - just can't get on the Internet. Any ideas?

      As a side note:

      I can VPN using the Microsoft built-in PPTP client on XP / Vista via PPTP (connecting via VPN using a Microsoft PPTP server inside the network), and I have no problem accessing any resources - internal or external (IP or DNS).

        kapara

        Are you talking about a VPN client? If so, which one? I know many people make the mistake with PPTP of not unchecking the "use remote gateway" option. This might be similar to your problem.

        Skype ID:  Marinhd

          pinoyboy

          I am using an IPSEC VPN client for the IPSEC connection - no Internet when using IPSEC on the remote network.

            kapara

            What is the name of the client?  Brand?

            Skype ID:  Marinhd

              pinoyboy

              Per the author of Shrew VPN... and verified:

              In your site configuration, there is a tab named policy. If no options
              are specified in this tab, the client will send all traffic via the
              tunnel by default. If you only want to send specific traffic via the
              tunnel and everything else normally via your internet connection, you
              need to specify which networks are accessible via the tunnel.

              For example, if the pfSense box protects a LAN network 10.199.1.0/24 and
              the VPN client needs to access resources on that network, you would add
              an include policy for 10.199.1.0/255.255.255.0 in the site configuration
              policy tab. This tells the client to only send traffic destined to
              10.199.1.x across the tunnel and everything else will be handled locally.
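
Added example, not part of the original posts and not Shrew's own code: a small Python model of the policy behaviour described above, showing which destinations go through the tunnel when the policy tab is empty versus when it holds the 10.199.1.0/255.255.255.0 include entry. The function names and the sample destination addresses are constructed for illustration, and only IPv4 is handled.

```python
import ipaddress


def parse_policy(entry):
    """Parse an include entry given as 'network/netmask' or 'network/prefix'.

    strict=True rejects entries with host bits set (e.g. 10.199.1.5/24),
    which usually indicates a typo in the policy.
    """
    return ipaddress.ip_network(entry.strip(), strict=True)


def route_for(dest, include_policies):
    """Return 'tunnel' or 'local' for one destination address."""
    if not include_policies:
        # Empty policy tab: the client sends all traffic via the tunnel.
        return "tunnel"
    addr = ipaddress.ip_address(dest)
    nets = [parse_policy(p) for p in include_policies]
    # With include entries, only matching destinations use the tunnel.
    return "tunnel" if any(addr in net for net in nets) else "local"


def audit(include_policies, destinations):
    """Map each destination to the path it would take under the policy."""
    return {d: route_for(d, include_policies) for d in destinations}


# Constructed sample destinations (assumptions, not from the thread):
SAMPLE_DESTINATIONS = [
    "10.199.1.20",   # host on the LAN behind pfSense
    "10.199.2.5",    # host on a second internal subnet, not in the policy
    "203.0.113.10",  # Internet host (documentation address range)
]

if __name__ == "__main__":
    for label, policy in [
        ("no policy entries", []),
        ("include 10.199.1.0/255.255.255.0", ["10.199.1.0/255.255.255.0"]),
    ]:
        print(label)
        for dest, path in audit(policy, SAMPLE_DESTINATIONS).items():
            print(f"  {dest:<15} -> {path}")
```

With the include entry in place, the 10.199.2.5 host is also handled locally, so any additional internal subnet reachable behind the gateway needs its own include entry.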

                kapara

                I am unclear on what you want. Do you want to send Internet traffic through the client VPN connection, so that to access the Internet you have to do so via the pfSense gateway?

                Skype ID:  Marinhd

                Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.