Netgate Discussion Forum

    Can connect on VPN server, but no internet access.

      aristosv

      I have a box running pfSense v2.4.3. I've configured IPsec VPN access using this guide and this guide, and this is how I configured it.

      VPN > IPSec > Mobile Clients > Enable IPsec Mobile Client Support
      User Authentication > Local Database
      Provide a virtual IP address to clients > 192.168.50.32 / 27
      Provide a DNS server list to clients > 8.8.8.8 / 8.8.4.4
      Save > Apply Changes
      
      Create Phase 1
      Description > VPN
      Authentication Method > Mutual PSK + Xauth
      Peer Identifier > Distinguished name > vpn
      Pre-Shared Key > password_here
      NAT Traversal > Force
      Save > Apply Changes
      
      Show Phase 2 Entries > Add P2
      Local Network > Network > 0.0.0.0/0
      Save > Apply Changes
      
      System > User Manager > Add > Username > Password > Save
      Edit user
      Effective Privileges > Add > User – VPN: IPSec xauth Dialin > Save
      
      Firewall > Rules > IPSec > Add
      Description > VPN
      Save > Apply Changes
      

      My iPhone can connect on the VPN server and I can access resources on my network. The problem is that while I'm connected, I don't have internet access. What am I doing wrong here?

        aristosv

        These are some of the forum posts describing the same problem, but they have no replies. Is this a known issue?

        https://forum.pfsense.org/index.php?topic=129265.msg712293
        https://forum.pfsense.org/index.php?topic=124620.msg688397
        https://forum.pfsense.org/index.php?topic=142969.msg779268
        https://forum.pfsense.org/index.php?topic=124787.msg689214
        https://forum.pfsense.org/index.php?topic=121332.msg670565
        https://forum.pfsense.org/index.php?topic=120609.msg666813

          aristosv

          Well, this fixed it for me.
          https://forum.pfsense.org/index.php?topic=117858.0

          Firewall > Rules > IPSec > Add > Protocol > TCP/UDP (initially only TCP was selected)
          I don't know why UDP was important, but now I can access local network resources and the internet.

            Redmac

            UDP is needed for DNS lookup.

            Easiest to just set it for any (if your IPsec clients are trusted, of course).

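The diagnosis in this thread, as an added example (not posted by anyone in the thread and not pfSense code): a simplified model of pass rules on the IPsec tab with a default deny, showing which flows a TCP-only rule drops. The client address, the sample flows and the tighter `SCOPED` rule set are assumptions; the address pool and DNS servers come from the first post.

```python
import ipaddress
from collections import namedtuple

# Simplified model: a packet is allowed if any pass rule matches it,
# otherwise it falls through to the default deny.
Rule = namedtuple("Rule", "protos src dst dport")   # dst/dport None = any
Flow = namedtuple("Flow", "name proto src dst dport")

POOL = "192.168.50.32/27"        # virtual address pool from the first post
DNS = ("8.8.8.8", "8.8.4.4")     # DNS servers pushed to the clients

def in_net(addr, net):
    return ipaddress.ip_address(addr) in ipaddress.ip_network(net)

def matches(rule, flow):
    return (flow.proto in rule.protos
            and in_net(flow.src, rule.src)
            and (rule.dst is None or in_net(flow.dst, rule.dst))
            and (rule.dport is None or flow.dport == rule.dport))

def blocked(rules, flows):
    """Names of the flows that no pass rule matches."""
    return [f.name for f in flows if not any(matches(r, f) for r in rules)]

# Constructed sample traffic from one VPN client (addresses are made up).
CLIENT = "192.168.50.33"
FLOWS = [
    Flow("dns-udp", "udp", CLIENT, "8.8.8.8", 53),
    Flow("https", "tcp", CLIENT, "93.184.216.34", 443),
    Flow("lan-smb", "tcp", CLIENT, "192.168.1.10", 445),
    Flow("ntp", "udp", CLIENT, "162.159.200.1", 123),
]

TCP_ONLY = [Rule({"tcp"}, POOL, None, None)]          # the original rule
TCP_UDP = [Rule({"tcp", "udp"}, POOL, None, None)]    # the fix from the thread
# Assumed tighter variant: all TCP, but UDP only to the pushed DNS servers.
SCOPED = TCP_ONLY + [Rule({"udp"}, POOL, d + "/32", 53) for d in DNS]

if __name__ == "__main__":
    for label, rules in (("tcp only", TCP_ONLY), ("tcp/udp", TCP_UDP),
                         ("scoped", SCOPED)):
        print(f"{label:9} blocked: {blocked(rules, FLOWS)}")
```

With the TCP-only rule the tunnel and TCP connections by address work, but name lookups never leave the firewall, which the client experiences as having no internet access.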