Netgate Discussion Forum

    Can't connect to or ping LAN hosts using IPsec mobile VPN

      andrew_241

      Hello!

      I'm new to using pfSense as a VPN server. I finally got it configured with IKEv2 and am able to successfully connect, but I can't ping any other host on the LAN. I have Phase 2 -> Network set to '0.0.0.0/0', and internal IPs are in the 192.168.1.x range. The mobile clients are given one of these private IPs. The firewall is set to allow IPsec connections from any to any. The pfSense router is the default gateway for the LAN.

      Also, is there a way to have my DHCP server (Windows Server) assign IP addresses to the VPN clients under this configuration?

      Thanks!

        andrew_241

        I ran a packet capture with Wireshark, and it looks like no packets from the mobile client are hitting the LAN. The only packets I see referencing the mobile client's internal IP address are ARP requests: "Who has (mobile client internal IP)? Tell (IP address of Windows Server providing DNS and DHCP)."

          andrew_241

          I found the problem: under VPN -> IPsec -> Mobile Clients under 'Client Configuration', the 'Virtual Address Pool' has to be a completely different network address than the internal IP addresses I was using. This tip is on one of the how-to pages, and it looks like I overlooked a step. I also learned that there isn't a way yet to have the DHCP server assign IP addresses to VPN clients.

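The overlap described in the last post, and the ARP symptom from the packet capture in the second post, as an added example that is not part of the original thread and not pfSense code. It models how a LAN host picks a next hop and checks a Virtual Address Pool against the local networks; the /24 mask, the host and gateway addresses, and the `10.10.10.0/24` pool are constructed sample values.

```python
import ipaddress

def next_hop(host_if, gateway, dest):
    """How a LAN host with interface `host_if` (CIDR) delivers a packet to `dest`.

    Returns ("arp", dest) when dest is on-link, else ("gateway", gateway).
    """
    iface = ipaddress.ip_interface(host_if)
    dest = ipaddress.ip_address(dest)
    if dest in iface.network:
        # On-link: the host ARPs for the address on the LAN segment and
        # does not send the packet to its default gateway (the firewall).
        return ("arp", str(dest))
    return ("gateway", str(ipaddress.ip_address(gateway)))

def check_pool(pool, local_nets):
    """Return the local networks that the Virtual Address Pool overlaps."""
    pool = ipaddress.ip_network(pool, strict=False)
    return [n for n in local_nets
            if pool.overlaps(ipaddress.ip_network(n, strict=False))]

if __name__ == "__main__":
    LAN = "192.168.1.0/24"        # page says 192.168.1.x; /24 is an assumption
    SERVER_IF = "192.168.1.10/24" # constructed: Windows Server on the LAN
    GATEWAY = "192.168.1.1"       # constructed: pfSense LAN address

    # Pool taken from inside the LAN (the broken setup) vs. a separate network.
    for pool, client in (("192.168.1.192/26", "192.168.1.200"),
                         ("10.10.10.0/24", "10.10.10.5")):
        clash = check_pool(pool, [LAN])
        how, target = next_hop(SERVER_IF, GATEWAY, client)
        print(f"pool {pool}: overlaps {clash or 'nothing'}; "
              f"reply to {client} goes via {how} -> {target}")
```

With the pool inside the LAN range, the server's replies are resolved by ARP on the local segment, which matches the "Who has ...?" requests seen in the capture; with a separate pool they are sent to the default gateway.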
          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.