IPSEC interface cannot see LAN interface



  • I have seen this question asked quite a few times but have never seen an answer, and now I have the same issue.

    I have a LAN interface (192.168.2.0/24) which uses my WAN for internet, plus another interface (192.168.3.0/24) which accesses the internet through an IPSEC VPN.  Internet access works fine, but I cannot access the LAN network from the IPSEC network.  The phase 2 tunnel for this goes from 192.168.3.0/24 to 0.0.0.0/0.

    I can ping 192.168.2.1 from the VPN network but cannot ping any other computers on the 192.168.2.0/24 network.

    I tried adding 192.168.2.1 as a gateway, and added a firewall rule on the 192.168.3.0 interface to pass any traffic with a destination of LAN through this gateway.  When I ping, I do see a state created on that firewall line, but the status is 0:0, as seen below.

    OVPN icmp 192.168.3.25:1 -> 192.168.2.4:1 0:0 120 / 0 7 KiB / 0 B

    I am just not sure where or how in the routing that things are passed to the IPSEC tunnel.

    I have also tried an OpenVPN tunnel instead.  The routing is easier here and I can access all of the other networks but OpenVPN is much slower for some reason (5 mbps compared to 30 mbps).

    I also experimented with doing a GRE tunnel over IPSEC, as I thought the routing would be more flexible.  I got it connected but I could never get traffic to pass through it.

    If I can get the internal interfaces talking to each other I think IPSEC will be the best solution.  Any ideas?

