Can't access LAN after connecting to IPSECv2 VPN



  • Hello!

    Local network: 10.1.1.0/24

    "Public" network: 10.3.0./22

    Virtual IP vpn pool: 10.5.5.0/24

    pfsense - LAN=10.1.1.1 WAN = 10.3.0.1

    After creating the mobile ipsec vpn server on my pfsense (2-4-4) according to https://www.netgate.com/docs/pfsense/book/ipsec/mobile-ipsec-example-ikev2.html I got the following results:

    1. A client (the Windows 7 workstation with ip = 10.3.0.100 located on the "public" network) does connect to pfsense (to its WAN with ip=10.3.0.1) - the ipsec connection succeeds and the tunnel is created. This client receives the ip = 10.5.5.1 from the vpn pool.

    2. This client can not ping either the pfsense's LAN (10.1.1.1) no any host on the local network (for example, 10.1.1.2).

    3. Any host on the local network (10.1.1.2, 10.1.1.11 ...) can ping the vpn client (10.5.5.1) while it's connected.

    All computers on the local network have their default gateways set to 10.1.1.1.
    There's a single firewall rule on the ipsec tab that permits all traffic from * to *.

    According to the documentation mentioned above no action is required to make traffic flow from vpn clients to local network - nevertheless it does not work. Would you please tell me what (if) else should be done to get access to the hosts in the local network?

    Thank you in advance,
    Michael



  • P.S. Sorry - Item 3 is wrong - no host can ping 10.5.5.1 from the LAN - I looked at the wrong ip.



  • All works perfect - please excuse me: there was a mistake in the firewall rule.

    Regards,
    Michael