    Can't connect to or ping LAN hosts using IPsec mobile VPN

    • A
      andrew_241 last edited by

      Hello!

      I'm new to using pfSense as a VPN server. I finally got it configured with IKEv2 and am able to successfully connect, but I can't ping any other host on the LAN. I have Phase 2 -> Network set to '0.0.0.0/0', and internal IPs are in the 192.168.1.x range. The mobile clients are given one of these private IPs. The firewall is set to allow IPsec connections from any to any. The pfSense router is the default gateway for the LAN.

      Also, is there a way to have my DHCP server (Windows Server) assign IP addresses to the VPN clients under this configuration?

      Thanks!

      • A
        andrew_241 last edited by

        I ran a packet capture with Wireshark, and it looks like no packets from the mobile client are hitting the LAN. The only packets I see referencing the mobile client's internal IP address are ARP requests: "Who has (mobile client internal IP)? Tell (IP address of Windows Server providing DNS and DHCP)."

        • A
          andrew_241 last edited by

          I found the problem: under VPN -> IPsec -> Mobile Clients under 'Client Configuration', the 'Virtual Address Pool' has to be a completely different network address than the internal IP addresses I was using. This tip is on one of the how-to pages, and it looks like I overlooked a step. I also learned that there isn't a way yet to have the DHCP server assign IP addresses to VPN clients.

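An added example, not part of the original thread or pfSense's own code: a pre-deployment check that flags a Virtual Address Pool overlapping the LAN and models why a LAN host then ARPs for the VPN client instead of replying through its gateway, which is consistent with the ARP requests in the capture described above. The /24 mask, host addresses, gateway address and both pools are constructed assumptions; the thread only gives the 192.168.1.x range.

```python
import ipaddress

def overlapping_lans(lan_cidrs, pool_cidr):
    """Return the LAN networks that share addresses with the virtual address pool."""
    pool = ipaddress.ip_network(pool_cidr)
    return [c for c in lan_cidrs if ipaddress.ip_network(c).overlaps(pool)]

def reply_path(host_if, gateway, client_ip):
    """Model a LAN host's forwarding decision for a reply to a VPN client.

    host_if is the host's address with prefix length, e.g. '192.168.1.10/24'.
    """
    iface = ipaddress.ip_interface(host_if)
    if ipaddress.ip_address(client_ip) in iface.network:
        # Destination looks on-link: the host ARPs for it on the LAN segment
        # instead of handing the packet to its default gateway.
        return ("arp", client_ip)
    return ("gateway", gateway)

def audit(lan_hosts, gateway, pool_cidr):
    """Check every LAN host against the first usable address of the pool."""
    pool = ipaddress.ip_network(pool_cidr)
    client_ip = str(next(iter(pool.hosts())))
    lans = sorted({str(ipaddress.ip_interface(h).network) for h in lan_hosts})
    return {
        "pool": pool_cidr,
        "sample_client": client_ip,
        "overlaps": overlapping_lans(lans, pool_cidr),
        "paths": {h: reply_path(h, gateway, client_ip) for h in lan_hosts},
    }

# Constructed values (assumptions for illustration, not taken from the thread).
LAN_HOSTS = ["192.168.1.10/24", "192.168.1.20/24"]
GATEWAY = "192.168.1.1"
BAD_POOL = "192.168.1.192/26"   # carved out of the LAN range
GOOD_POOL = "10.10.50.0/24"     # separate network, as the fix requires

if __name__ == "__main__":
    for pool in (BAD_POOL, GOOD_POOL):
        result = audit(LAN_HOSTS, GATEWAY, pool)
        status = "OVERLAP" if result["overlaps"] else "ok"
        print(f"{pool}: {status}")
        for host, (how, target) in result["paths"].items():
            print(f"  {host} -> {result['sample_client']}: {how} {target}")
```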