Problems connecting mobile IPSEC client to PFSense 2.0



  • Hello everyone,

    I’m having some trouble getting a mobile client to connect to my local network using PFSense 2.0. The problem seems to be some kind of firewall rule or routing problem instead of a VPN tunnel problem. I say this because the VPN tunnel appears to come up without any problems, but when I try to ping any nodes on my local network the ping times out. Is there a special rule that I should be creating under the IPSec tab in the firewall rules section? Should I be creating some kind of static route? Also, I am configuring all mobile clients with a 172.16.1.0/24 network and the local network is 192.168.1.0/24.

    Thanks.



  • Hello,

    I'm running the latest 2.0 Alpha version, and I'm experiencing the same problem.

    I use the latest Shrewsoft VPN client.

    The tunnel connects fine and the virtual adapter gets the first IP which was given in the IP config in the firewall, e.g. 192.168.255.0/24

    gets 192.168.255.1...

    My LAN network behind the firewall = 10.1.1.0/24

    I made a firewall rule on IPSEC for testing to pass any to any.

    Unfortunately, no ping results on any node in the 10.1.1.0 network on the mobile client.

    What am I doing wrong? Is there some bug here that the remote network can't be reached? :(



  • :)

    Finally found the problem, disabled NAT-T on the firewall and on the client.

    Now works o.k.



  • Perhaps too late, but I'll post it here anyway.

    You need to allow these things in your firewall:

    • UDP port 500 for IPSec

    • protocol ESP (or AH if set that way)

    • UDP port 4500 for NAT-T
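
One way to check which of the traffic types listed above (UDP 500, ESP/AH, UDP 4500) is actually seen in each direction on the firewall's WAN interface. This is an added example, not code from the thread or from pfSense; it assumes text output from `tcpdump -n`, and the function names, addresses and capture lines are constructed for illustration.

```python
import re

# Assumes `tcpdump -n` IPv4 text lines: "<time> IP <src> > <dst>: <payload>"
LINE_RE = re.compile(r"\bIP (\S+) > (\S+): (.*)$")

def split_endpoint(endpoint):
    """'198.51.100.2.500' -> ('198.51.100.2', 500); no port -> (ip, None)."""
    parts = endpoint.split(".")
    if len(parts) == 5 and parts[4].isdigit():
        return ".".join(parts[:4]), int(parts[4])
    return endpoint, None

def classify(line, fw_ip):
    """Return (kind, direction) relative to the firewall's WAN IP, or None."""
    m = LINE_RE.search(line)
    if not m:
        return None
    (src, sport), (dst, dport) = split_endpoint(m.group(1)), split_endpoint(m.group(2))
    if fw_ip not in (src, dst):
        return None
    direction = "in" if dst == fw_ip else "out"
    payload = m.group(3)
    if sport is None and payload.startswith(("ESP(", "AH(")):
        return "esp-or-ah", direction  # native IP protocol 50 / 51, no UDP wrapper
    if 4500 in (sport, dport):  # NAT-T: IKE and encapsulated ESP share this port
        return ("natt-esp" if payload.startswith("UDP-encap:") else "natt-ike"), direction
    return ("ike-500", direction) if 500 in (sport, dport) else None

def summarize(lines, fw_ip):
    """Map each traffic kind to the set of directions in which it was seen."""
    seen = {}
    for line in lines:
        hit = classify(line, fw_ip)
        if hit:
            seen.setdefault(hit[0], set()).add(hit[1])
    return seen

def one_way(seen):
    """Kinds seen in one direction only: the first rules or NAT paths to check."""
    return sorted(kind for kind, dirs in seen.items() if len(dirs) == 1)

# Constructed capture (documentation addresses), not taken from the thread.
SAMPLE = """\
10:00:00.000001 IP 203.0.113.10.500 > 198.51.100.2.500: isakmp: phase 1 I ident
10:00:00.050001 IP 198.51.100.2.500 > 203.0.113.10.500: isakmp: phase 1 R ident
10:00:01.000001 IP 203.0.113.10.4500 > 198.51.100.2.4500: NONESP-encap: isakmp: phase 2/others I oakley-quick[E]
10:00:01.050001 IP 198.51.100.2.4500 > 203.0.113.10.4500: NONESP-encap: isakmp: phase 2/others R oakley-quick[E]
10:00:05.000001 IP 203.0.113.10.4500 > 198.51.100.2.4500: UDP-encap: ESP(spi=0x0a1b2c3d,seq=0x1), length 116
""".splitlines()
```

With the constructed capture, `one_way(summarize(SAMPLE, "198.51.100.2"))` reports `natt-esp`: the key exchange completes in both directions while encapsulated data packets are only seen arriving.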

