IPSEC and Internet on Internal Network



  • Greetings, I have just set up IPSEC, and all works great but I cannot get on the Internet when I am connected via IPSEC on the Internal network.  I can ping all my internal machines via ip address and internal DNS names - just can't get on Internet.  Any ideas?

    As a side note:

    I can VPN using Microsoft built-in PPTP client on XP / Vista via PPTP (connecting via VPN using a Microsoft PPTP server inside the network), and I have no problem accessing any resources - internal or external (ip or DNS).



  • Are you talking about a VPN Client?  If so which one?  I know many people make the mistake with PPTP of not unchecking the use remote gateway.  This might be similar to your problem.



  • I am using IPSEC VPN client for IPSEC connection - no Internet when using IPSEC on remote network.



  • What is the name of the client?  Brand?



  • per author of Shrew VPN…and verified...

    In your site configuration, there is a tab named policy. If no options
    are specified in this tab, the client will send all traffic via the
    tunnel by default. If you only want to send specific traffic via the
    tunnel and everything else normally via your internet connection, you
    need to specify which networks are accessible via the tunnel.

    For example, if the pfSense box protects a LAN network 10.199.1.0/24 and
    the VPN client needs to access resources on that network, you would add
    an include policy for 10.199.1.0/255.255.255.0 in the site configuration
    policy tab. This tells the client to only send traffic destined to
    10.199.1.x across the tunnel and everything else will be handled locally.
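
The policy behaviour described in the post above, modelled as an added example (not part of the thread and not the Shrew client's code). The function names and the two sample destination addresses are assumptions made for illustration; the include entry is the one quoted in the post.

```python
import ipaddress

def parse_include(entry):
    """Parse an include policy written as network/netmask, as in the post.

    strict=True rejects entries with host bits set (for example
    10.199.1.5/255.255.255.0), a typo that would otherwise go unnoticed.
    """
    return ipaddress.ip_network(entry, strict=True)

def route_for(dest, includes):
    """Return 'tunnel' or 'local' for one destination address.

    Models the rule from the post: with no policy entries all traffic is
    sent via the tunnel; with include entries only matching destinations
    use the tunnel and everything else is handled locally.
    """
    addr = ipaddress.ip_address(dest)
    if not includes:
        return "tunnel"
    networks = [parse_include(e) for e in includes]
    return "tunnel" if any(addr in net for net in networks) else "local"

def compare(dests, includes):
    """Map each destination to (route with empty policy, route with includes)."""
    return {d: (route_for(d, []), route_for(d, includes)) for d in dests}

if __name__ == "__main__":
    # Constructed sample destinations: a host on the protected LAN and a
    # documentation-range address standing in for an Internet host.
    sample = ["10.199.1.20", "192.0.2.80"]
    policy = ["10.199.1.0/255.255.255.0"]  # include entry from the post
    for dest, (before, after) in compare(sample, policy).items():
        print(f"{dest:>12}  empty policy: {before:6}  with include: {after}")
```

With the empty policy both destinations go to the tunnel, so Internet access then depends on whether the gateway forwards that traffic; with the include entry only the 10.199.1.x destination does.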



  • I am unclear on what you want.  Do you want to send internet traffic through the client vpn connection so that to access the internet you have to do so via the pfsense gateway?

