    Can connect on VPN server, but no internet access.

    • A
      aristosv last edited by

      I have a box running pfSense v2.4.3. I've configured IPsec VPN access using this guide and this guide, and this is how I configured it.

      VPN > IPSec > Mobile Clients > Enable IPsec Mobile Client Support
      User Authentication > Local Database
      Provide a virtual IP address to clients > 192.168.50.32 / 27
      Provide a DNS server list to clients > 8.8.8.8 / 8.8.4.4
      Save > Apply Changes
      
      Create Phase 1
      Description > VPN
      Authentication Method > Mutual PSK + Xauth
      Peer Identifier > Distinguished name > vpn
      Pre-Shared Key > password_here
      NAT Traversal > Force
      Save > Apply Changes
      
      Show Phase 2 Entries > Add P2
      Local Network > Network > 0.0.0.0/0
      Save > Apply Changes
      
      System > User Manager > Add > Username > Password > Save
      Edit user
      Effective Privileges > Add > User – VPN: IPSec xauth Dialin > Save
      
      Firewall > Rules > IPSec > Add
      Description > VPN
      Save > Apply Changes
      

      My iPhone can connect on the VPN server and I can access resources on my network. The problem is that while I'm connected, I don't have internet access. What am I doing wrong here?

      • A
        aristosv last edited by

        These are some of the forum posts describing the same problem, but they have no replies. Is this a known issue?

        https://forum.pfsense.org/index.php?topic=129265.msg712293
        https://forum.pfsense.org/index.php?topic=124620.msg688397
        https://forum.pfsense.org/index.php?topic=142969.msg779268
        https://forum.pfsense.org/index.php?topic=124787.msg689214
        https://forum.pfsense.org/index.php?topic=121332.msg670565
        https://forum.pfsense.org/index.php?topic=120609.msg666813

        • A
          aristosv last edited by

          Well, this fixed it for me.
          https://forum.pfsense.org/index.php?topic=117858.0

          Firewall > Rules > IPSec > Add > Protocol > TCP/UDP (initially only TCP was selected)
          I don't know why UDP was important, but now I can access local network resources and the internet.

          • R
            Redmac last edited by

            UDP is needed for DNS lookup.

            Easiest to just set it for any (if your IPSEC clients are trusted of course)

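Why the TCP-only rule looked like "no internet", as an added sketch that is not part of the thread and not pfSense's own code: a simplified model of the IPsec-tab rules (pass rules, then default deny) run over constructed packets from a mobile client. The LAN and web addresses, the ping case and the tighter `DNS_ONLY_UDP` rule set are assumptions for illustration; only the resolvers 8.8.8.8 and 8.8.4.4 come from the thread.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Rule:
    """One pass rule on the IPsec tab (source left as 'any', as in the thread)."""
    protos: frozenset            # empty set = protocol "any"
    dst: str = "0.0.0.0/0"
    dport: Optional[int] = None  # None = any port

    def matches(self, proto, dst_ip, dport):
        return ((not self.protos or proto in self.protos)
                and ipaddress.ip_address(dst_ip) in ipaddress.ip_network(self.dst)
                and (self.dport is None or dport == self.dport))

def evaluate(rules, proto, dst_ip, dport):
    # Every rule here is a pass rule, so any match passes; no match hits default deny.
    return "pass" if any(r.matches(proto, dst_ip, dport) for r in rules) else "block"

# Constructed traffic from a mobile client in 192.168.50.32/27.
# Only the resolver 8.8.8.8 comes from the thread; other addresses are placeholders.
PACKETS = {
    "dns_query":  ("udp", "8.8.8.8", 53),
    "https_site": ("tcp", "203.0.113.10", 443),
    "lan_server": ("tcp", "192.168.1.10", 445),
    "ping":       ("icmp", "8.8.8.8", None),
}

TCP_ONLY = [Rule(frozenset({"tcp"}))]          # the rule as first created
TCP_UDP = [Rule(frozenset({"tcp", "udp"}))]    # the fix reported in the thread
ANY = [Rule(frozenset())]                      # the "any" suggestion
# Assumed tighter variant: TCP anywhere, UDP only to the two pushed resolvers.
DNS_ONLY_UDP = [Rule(frozenset({"tcp"})),
                Rule(frozenset({"udp"}), "8.8.8.8/32", 53),
                Rule(frozenset({"udp"}), "8.8.4.4/32", 53)]

def verdicts(rules):
    """Map each constructed packet name to 'pass' or 'block' under a rule set."""
    return {name: evaluate(rules, *pkt) for name, pkt in PACKETS.items()}

if __name__ == "__main__":
    for label, rules in [("tcp only", TCP_ONLY), ("tcp/udp", TCP_UDP),
                         ("any", ANY), ("tcp + dns udp", DNS_ONLY_UDP)]:
        print(f"{label:14} {verdicts(rules)}")
```

With the TCP-only rule the TCP connections pass but the UDP query to 8.8.8.8 is dropped, so name resolution fails for the tunnelled client.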