Can't connect to or ping LAN hosts using IPsec mobile VPN
-
Hello!
I'm new to using pfSense as a VPN server. I finally got it configured with IKEV2 and am able to successfully connect, but I can't ping any other host on the LAN. I have Phase 2 -> Network set to '0.0.0.0/0', and internal IPs are in the 192.168.1.x range. The mobile clients are given one of these private IPs. The firewall is set to allow IPsec connections from any to any. The pfSense router is the default gateway for the LAN.
Also, is there a way to have my DHCP server (Windows Server) assign IP addresses to the VPN clients under this configuration?
Thanks!
-
I ran a packet capture with Wireshark, and it looks like no packets from the mobile client are hitting the LAN. The only packets I see referencing the mobile client's internal IP address are ARP requests: "Who has (mobile client internal IP)? Tell (IP address of Windows Server providing DNS and DHCP)."
-
I found the problem: under VPN -> IPsec -> Mobile Clients under 'Client Configuration', the 'Virtual Address Pool' has to be a completely different network address than the internal IP addresses I was using. This tip is on one of the how-to pages, and it looks like I overlooked a step. I also learned that there isn't a way yet to have the DHCP server assign IP addresses to VPN clients.