AWS IPSec mobile connections not using the "Provide a virtual IP address to clients" pool for clients

  • I am setting up a mobile IPSec environment. I set "Provide a virtual IP address to clients" and set the address pool to ww.xx.yy.0/16. We also have an OpenVPN pool set to ww.xx.zz.0/16. (Sorry for obfuscating the IP addresses; I thought it might give away info to hackers.)

    When I tried to connect to our EC2 instances it timed out. I tried adding the ww.xx.yy.0 subnet to the EC2 security group. I ran tcpdump on the pfSense system and noticed the connection requests were being made using the pfSense WAN IP address. Changing the security group now allows the connection to be made.

    The OpenVPN connections use the IP pool specified, but not the IPSec pool. Am I misunderstanding the use of the IPSec virtual IP address pool?

    How does this relate to the Local Network and BINAT/NAT settings in the Phase 2 configuration? I read the documentation and got even more confused.

    Thanks for any help you can give.