Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Roadwarrior users unable to access internet

    Scheduled Pinned Locked Moved IPsec
    3 Posts 2 Posters 676 Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • maxxerM
      maxxer
      last edited by

      Hi.

      Many versions ago I installed RoadWarrior IPSec using this guide.

      I've always used the VPN to access LAN services and always worked fine, but lately I wanted to use it even for normal browsing while connected to unsecure network but I found out it won't allow internet access. I checked the configuration and everything seems fine, in the Mobile client tab I just enabled Provide a virtual IP address to clients with a custom network and Provide a DNS server list to clients with our internal DNSes.

      In the Firewall section I've a rule to access all IPv4+6 traffic. In the P2 section of the VPN I've stated 0.0.0.0/0 as Local network.

      When connected I noticed DNS resolution doesn't work, even removing the DNS override in the server configuration. Ping to local LAN works, but any outside destination (like 8.8.8.8) won't. What puzzles me is that even with the local DNSes, which are pingable, the DNS resolution doesn't work from Android while connected using StrongSwan.

      Sadly on Android I cannot see what's wrong, and I cannot figure out the problem. Any suggestion?

      thanks

      1 Reply Last reply Reply Quote 0
      • E
        emeianoite
        last edited by

        are you pushing DNS? Located in mobile tab, DNS, push google or which ever DNS you use. Also check firewall to make sure you're passing traffic to the right interface from the right subnet. I threw my virtual IP/30 within the same main IP sub.

        1 Reply Last reply Reply Quote 0
        • maxxerM
          maxxer
          last edited by

          found out! I have manual outbount NAT, so I needed to create a NAT rule from the IPSec subnet to the WAN interface

          1 Reply Last reply Reply Quote 0
          • First post
            Last post
          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.